Vulnerability and Patching Specialist

About MIB

At MIB our people are passionate about making roads safer by getting uninsured and hit-and-run drivers off our roads. Working in partnership with the Police, Insurers and Government our collective aim is to make it a thing of the past but, until that’s accomplished, we’re here to compensate victims quickly, fairly and compassionately.

Last year we helped more than 34,000 people struck by uninsured and hit-and-run drivers and paid over £400 million in compensation to support victims rebuild their lives.

About the role

As our vulnerability and Patching Specialist you will:

• Be the primary point of contact for managing information security vulnerabilities on end user devices, servers and 3rd party desktop applications across the Business.
• Create, own and manage the framework for managing the application estate, ensuring only agreed versions of applications are in use, and a roadmap for version upgrades
• Be accountable for the management of the software catalogue to ensure only approved software applications are used across the Business.
• Create and manage a best practice vulnerability management process to protect against the exploitation of known/detected vulnerabilities

Key Responsibilities

• Manage vulnerability scans in conjunction with the Security Operations team against agreed SLAs, on all endpoints and 3rd party desktop applications used in MIB’s estate.
• Engage with the wider business functions to establish a catalogue of approved software and a process to manage the list effectively to include removal and blocking of non-permitted applications as well as an approval process for new software requests.
• Engage with the wider business to establish and effectively manage the version control of software being used across MIB’s estate so that only the latest / single version is used unless otherwise approved
• Establish and manage an exceptions process with appropriate approvals for any deviations from approved software versions or patching levels
• Establish a framework to manage the application estate to ensure only agreed versions of applications are in use.
• Create and maintain a roadmap to ensure MIB’s technology estate remains secure and on supported versions of applications and operating systems.
• Conduct research on the latest security threats and remediation activity to protect MIB against these threats
• Remediate critical, high and medium vulnerabilities in line with SLAs, utilizing agreed patching tools and direct user and supplier contact as appropriate
• Engage with 3rd parties (either directly or through Product owners) to maintain an agreed level of vulnerability management on their applications or servers.
• Document and verify all 3rd party patching arrangements.
• Proactively support Procurement, Legal and Contract Owners in identifying gaps in contracts relating to vulnerability management and patching needs for new contracts and renewals
• Work closely with TPRM and Third-Party Relationship Owners to deliver accurate reports and assessments to support 3rd party performance reviews
• To work closely with the Information Security team in managing and reporting on the security posture of our IT estate and performance against agreed SLAs
• Work closely with the Infosec team to ensure vulnerability management, the role and solution development occurs in line with their requirements
• Work with Third Party providers for outsourced services to ensure vulnerabilities are reported, patched and managed within agreed best practice timelines.
• Work alongside procurement and Third-Party Risk Management teams to identify gaps in contracts related to management and mitigation of vulnerabilities
• Deliver and support production of timely management information as agreed
• Promote awareness and education across the Business and support project and support teams to deliver within security requirements
• Work within the MIB Change Management Framework to deploy updates, patches and configuration changes
• Identify and document any gaps in patching on end user devices, servers and 3rd party desktop applications across the Business

Skills and Experience

• Fundamental knowledge of core cybersecurity concepts and experience of their practical application
• Experience of creating and managing patching frameworks across company estates including 3rd party application management
• Experience of supporting the inclusion and review of vulnerability management and controls in supplier contracts
• One or more of the following qualifications are highly desirable: Microsoft MCP/MSCA/ CISSP
• Experience of managing and supporting windows operating systems, M365 and MAC Operating systems
• Experience of Cloud based security tooling and vulnerability management systems (Intune, Defender, Sentinel, Nessus, Tenable, Qualys)
• Experience of using and managing patching tools such as Autopatch and Kandji
• Experience of using desktop management tooling such as SCCM and Intune and remote desktop tooling to apply patches and resolve issues
• Technical background in Microsoft Windows systems, Cloud security technologies, and network architectures
• Understanding of threat actors with the ability to articulate how they operate and demonstrate how they subvert common security controls
• Knowledge of application exploits and vulnerabilities. Knowledge of ports and services typical in the configuration of web servers, file servers, and workstations
• Excellent communication skills
• Ability to analyze and manage data
• Experience in producing performance, analysis and solution focused reports for senior management
Effective team working, collaboration and experience of coaching and mentoring.

Job Title: Vulnerability and Patching Specialist
Salary: £70,000
Grade: 13
Working Hours: 35
Working Pattern: 9am to 5pm Monday - Friday
Office Location: Milton Keynes
Job Type: Hybrid, working 2 days per week from our Milton Keynes office

IT kit supplied to you
£320 (before tax) start up allowance
Hybrid working (2 days in the office per week) from our Milton Keynes office, MK14

Other Benefits include:
Contributory Group Stakeholder Personal pension scheme
Life Assurance
Employee Incentive Scheme
27 days holiday (plus public holidays)
Holiday purchase scheme
Sports and Social Club
24/7 Employee Assistance Programme
Free access to online tools to support mental and physical health
Enhanced maternity, paternity and adoption leave
1 volunteer day each year and charity matched funding scheme

We believe in a workplace where everyone can be themselves. Through our different ideas, personalities and experiences, we redefine what is possible every day. And regardless of your colour, age, race, gender, sexual orientation or anything else you consider yourself to be, there is a place for you at MIB. A place where you can bring your best self to work every day.

So, if you think big, love a challenge and want to make a difference to people’s lives, we want to hear from you.

For more information, take a look at our job pack: HERE