Cyber Security Specialist (Vulnerability Management and Tenable / Nessus Pro experience required) at Mimecast

We're your dream cyber security team!

In this role you will drive systematic operational processes into the organization to reduce attack surface and validate the efficacy of existing security tooling. Generating situational awareness into process outcomes and technical capabilities the role will highlight the key levers of cyber security improvement and in doing so ensure that Mimecast continues to operate within its cyber risk appetite.

Enhanced situational awareness is the primary objective this role. Understanding the key drivers of successful outcomes, defining value chains and tracking appropriate metrics are essential. You'll support the definition of value chains using methods such as Wardley Mapping, collate telemetry and produce performance and risk indicators using statistical and probabilistic methods.

You'll need experience in:

Vulnerability Management

• Ensure successful operation of Infrastructure vulnerability management lifecycle through, identify, assess, remediate and validate phases.
• Create proof of concepts for high risk vulnerabilities reported by automated tools.
• Where appropriate, support design and deployment of vulnerability scanners to meet objectives.
• Where appropriate support the design of triage and risk assessment processes to ensure focus is always on driving rapid remediation of highest risk vulnerabilities.
• Validate external vendor security reports and import them into the vulnerability management process. 
• Develop niche automation or custom software tools when those tools do not exist.

Security Control Validation

• Support the broader security testing strategy by operating Breach and Attack Simulation platforms (BAS).
• Collaborate with Offensive Security, Engineering and IT teams to ensure the deployment of appropriate test plans within BAS.
• Collaborate with Engineering IT and Offensive Security Teams to ensure that boundary, endpoint and network security capabilities are adequately assessed within BAS plans.
• Collaborate with Threat Intelligence and Offensive Security teams to identify potential areas for penetration testing or human ‘red teaming/capture the flag’ assessments.
• Collaborate with Security Operations Detect & Respond Teams, including third parties where appropriate, to test and validate detection and response capabilities.
• A member and active contributor to weekly ‘Attack v Defend’ standups to promote continuous improvement and risk reduction through ongoing ‘purple teaming’.
• Produce agreed metrics so process performance, control efficacy and risk exposure can be continuously monitored.

Security Training & Awareness

• Utilize Mimecast products to support development and execution of annual training and awareness plans for Mimecast staff and other relevant stakeholders.
• Collaborate with Compliance teams to ensure Mimecast Training & Awareness plans meet compliance requirements.

Collaborate with relevant internal stakeholders to ensure success of Mimecast-on-Mimecast objectives, including:

• Deployment of all appropriate products.
• Configuration of all deployed products.
• Operationalization of all deployed products.
• Product team feedback.

Be a center of excellence with regards to Mimecast Training & Awareness platforms, so as to provide support to Go To Market and Service Delivery Teams objectives of helping customers maximize their investments in Mimecast products and services.

• Support the Security Strategy Enablement team embedding of a risk-based approach to cyber security by driving systematic Risk Assessment (FAIR) through all decision making and prioritization activities in order to:
• Maintain risk appetite.
• Reduce internal user and process friction.
• Support speed of delivery for internal projects that support critical company imperatives.
• Collaborate with Security Strategy Enablement teams to leverage Wardley Mapping techniques to define and articulate value chains for the delivery of relevant security capabilities and improvement opportunities.