Vulnerability Management & MS Defender

We are seeking a skilled and passionate security professional to join our team as a Microsoft Defender for Vulnerability Management SME and Application Penetration Tester. In this dual role, you will be responsible for ensuring the security posture of our applications and systems by leveraging the power of Microsoft Defender for Vulnerability Management and conducting thorough penetration testing. You will play a critical role in identifying, analysing, and mitigating vulnerabilities to protect our sensitive data and systems from evolving threats.
Key Responsibilities:

• Administration & Optimization: Manage and maintain the Microsoft Defender for Vulnerability Management platform, ensuring its optimal configuration and integration with existing security tools.
• Vulnerability Assessment: Conduct regular vulnerability assessments across our hybrid IT environments.
• Risk Analysis & Prioritization: Analyse identified vulnerabilities, assess their potential impact, and prioritize remediation efforts based on risk severity.
• Remediation Planning & Tracking: Develop and implement remediation plans for critical vulnerabilities, collaborating with IT and development teams to ensure timely mitigation.
• Reporting & Communication: Prepare comprehensive reports on vulnerability assessments, remediation progress, and overall security posture for stakeholders.
• Vulnerability Discovery & Exploitation: Conduct automated penetration tests to identify and exploit vulnerabilities in applications and their underlying infrastructure.
• Security Assessment & Reporting: Document identified vulnerabilities, assess their potential impact, and provide detailed remediation recommendations to development teams.

Required Skills & Experience:

• Proven experience with Microsoft Defender for Vulnerability Management, including configuration, administration, and vulnerability analysis.
• Strong understanding of vulnerability management principles, methodologies, and best practices.
• Hands-on experience in tools-based application and infra penetration testing.
• Familiarity with common web application vulnerabilities (OWASP Top 10) and their exploitation techniques.
• Experience with scripting languages (e.g., Python, PowerShell) for automating security tasks.
• Excellent communication and collaboration skills, with the ability to communicate technical findings to both technical and non-technical audiences.
• Relevant industry certifications such as OSCP, CEH, GPEN, GWAPT.
• Experience with cloud security platforms (e.g., Azure Security Center)

This profile requires to work as per UK standard shift Mon-Friday.