
Threat and Exposure Management SME

Posted 2 hours 27 minutes ago by LA International Computer Consultants Ltd

Contract
Not Specified
Public Sector Jobs
London, United Kingdom
Job Description

Threat and Exposure Management SME
6 Month contract initially
Based: Hybrid/London. Maximum of 2-3 days onsite p/w.
Rate: £Market rates p/d (via Umbrella company)

We have a great opportunity with a world leading organisation where you will be provided with all of the support and development to succeed. A progressive organisation where you can really make a difference. We have a great opportunity for a Threat and Exposure Management SME to join the team.
The role is responsible for the end-to-end vulnerability management process, including assessing systems, analysing risks, prioritizing fixes, and tracking remediation across IT and cloud platforms. This role is a key connector between security operations and business stakeholders, focusing on minimizing critical risks, reducing the overall attack surface, and strengthening the organization's security posture. A successful candidate will proactively monitor the evolving threat landscape, tools, and methodologies to maintain a strong defence.

Key Responsibilities:
* Work to protect the company and its customers from events with a material impact on its business, brand and customers, e.g. catastrophic events, significant financial losses, and highly embarrassing events.
* Utilize commercial and open-source intelligence providers to gain insight into existing activities in the hacker and fraudster communities, as well as planned activities and emerging motivations.
* Develop analytics and provide support to incident response teams during cyber events in the form of attack attribution and recommended courses of action based on knowledge of the adversary, and collaborate on threat hunting with the SOC.
* Conduct malware analysis and provide indicators for defensive measures and understand attack signatures and techniques.
* Conduct threat investigations and operations using known adversary tactics, techniques and procedures and indicators of attack in order to detect adversaries and help operationalise effective Threat Services and controls to protect core business processes and customer data.
* Ensure generation, maintenance, and protection of required documentation, reporting and traceability.
* Identify and respond to threats: Incorporating industry intelligence to enable proactive threat detection, containment, and response.
* Support the TEM manager to report and maintain key risk, performance and success indicators for the team, and to develop and maintain the Threat process, including all required supporting materials.
* Leverage CrowdStrike Falcon and related modules for threat detection, endpoint protection and exposure management.
* Perform continuous monitoring of the threat landscape, vulnerabilities, and exploits to proactively assess risks, advise the InfoSec Management team of significant emerging threats and identified vulnerabilities, and recommend tactical and operational steps to counteract these threats and mitigate vulnerabilities. Effectively communicate with internal stakeholders (technical and non-technical) and suppliers to provide updates on threats, vulnerabilities and/or to deliver key projects.

Key Skills & Experience:
* Strong technical background and focus, with the ability to script in one or more programming languages (e.g. Python)
* Strong threat hunting experience and ability to analyse malware; networking, firewall and web knowledge; OWASP Top 10 knowledge; knowledge of DevSecOps threats
* Understanding of the vulnerability life cycle; knowledge and demonstrable experience of information security technologies and methodologies; experience of cloud systems and their architecture (Azure, AWS)
* Awareness of various operating system flavours, including but not limited to Windows, Linux and Unix, and of database technologies (SQL, Oracle, DB2, Mongo) and associated threats
* Awareness of security controls in widely used technologies, e.g. MS Office 365, and experience of Incident Management and Response tools, e.g. Remedy, ServiceNow
* Strong hands-on experience with CrowdStrike Falcon platform
* Exceptional Customer engagement and reporting skills.
* Exceptional analytical, problem-solving, and troubleshooting abilities.
* 3-5+ years in Threat Management, Vulnerability Management, DevSecOps, or pen testing
* Proven use of modern security tooling in real-world projects
* Experience in agile delivery teams and cross-functional collaboration
* Exposure to cloud security
* Comfortable documenting technical findings and engaging in remediation cycles
* Nice to Have Certifications (not mandatory): OSCP, OSWA, CRTO, GWAPT, GPEN, eWPT
* Azure Security Engineer Associate/AWS Security Specialty
* CrowdStrike Experience and certifications

This is an excellent opportunity on a great project of work. If you are looking for your next exciting opportunity, apply now for your CV to reach me directly; we will respond as soon as possible.

LA International is a HMG approved ICT Recruitment and Project Solutions Consultancy, operating globally from the largest single site in the UK as an IT Consultancy or as an Employment Business & Agency depending upon the precise nature of the work. For security cleared jobs or non-clearance vacancies, LA International welcomes applications from all sections of the community and from people with diverse experience and backgrounds.

Award Winning LA International, winner of the Recruiter Awards for Excellence, Best IT Recruitment Company, Best Public Sector Recruitment Company and overall Gold Award winner, has now secured the most prestigious business award that any business can receive, The Queen's Award for Enterprise: International Trade, for the second consecutive period.
