The Vulnerability Detection and Remediation SME is responsible for leading the organization's efforts in identifying, assessing, and remediating vulnerabilities across IT infrastructure, applications, and cloud environments. This role requires deep technical expertise, strategic thinking, and the ability to collaborate across teams to ensure a robust security posture.
-
Lead the enterprise-wide vulnerability management program, including detection, prioritization, and remediation.
- Conduct regular vulnerability scans using tools like Qualys, Tenable Nessus, Rapid7, and analyze results to identify risks.
- Collaborate with IT, DevOps, and application teams to ensure timely patching and remediation of vulnerabilities.
- Hands-on experience in patching using different patching tools on different OS, Applications, Cloud and Networks etc.
- Develop and maintain vulnerability management policies, procedures, and playbooks.
- Provide SME-level guidance on scanning signatures, detection capabilities, and remediation strategies.
- Monitor threat intelligence feeds and correlate with internal vulnerability data to assess risk.
- Host remediation meetings with stakeholders and track progress of corrective actions.
- Ensure compliance with industry standards such as NIST, ISO 27001, PCI-DSS, HIPAA.
- Generate detailed reports and dashboards for leadership on vulnerability trends and remediation status.
- Support incident response teams with vulnerability exploitation insights and mitigation strategies.
- Continuously improve scanning, reporting, and remediation processes through automation and orchestration tools (e.g., Service Now, MS Sentinel, Ansible, Terraform, Splunk Phantom).
-
Bachelor’s degree in computer science, Information Security, or related field.
- 5+ years of experience in vulnerability management or cybersecurity.
- Strong knowledge of operating systems (Windows, Linux), network protocols, and cloud platforms.
- Hands-on experience with vulnerability management platforms (e.g., Qualys VMDR, Tenable.io, Rapid7 InsightVM).
- Familiarity with patch management tools (e.g., Intune, Qualys, PatchmyPC, Automox WSUS, etc…).
- Excellent analytical, communication, and problem-solving skills.
- Experience with threat modeling techniques (e.g., STRIDE, DREAD).
- Knowledge of forensic tools and incident response procedures.
- Experience in scripting (e.g., Python, PowerShell) for automation.
- Familiarity with SIEM platforms (e.g., Splunk, Sentinel, QRadar).
- ITIL Foundation certification.
- Experience with other ITSM tools and platforms.
- Intune / Qulays
We are a specialist professional services and technology firm, working in partnership with leading insurance, highly regulated and global businesses.
We help our clients to manage risk, operate their core business processes, transform and grow. We deliver professional services and technology solutions across the risk and insurance value chain, including excellence in claims, underwriting, distribution, regulation & risk, customer experience, human capital, digital transformation & change management.
Our global team of more than 8,000 professionals operate across ten countries, including the UK & the U.S. Over the past ten years Davies has grown its annual revenues more than 20-fold, investing heavily in research & development, innovation & automation, colleague development, and client service. Today the group serves more than 1,500 insurance, financial services, public sector, and other highly regulated clients.
