Company Description

We’re ASOS, the online retailer for fashion lovers all around the world. 

We exist to give our customers the confidence to be whoever they want to be, and that goes for our people too. At ASOS, you’re free to be your true self without judgement, and channel your creativity into a platform used by millions. 

But how are we showing up? We’re proud members of Inclusive Companies, are Disability Confident Committed and have signed the Business in the Community Race at Work Charter and we placed 8th in the Inclusive Top 50 Companies Employer list.  

Everyone needs some help showing up as their best self. Let our Talent team know if you need any adjustments throughout the process in whatever way works best for you. 

Job Description

As an experienced Threat & Vulnerability Senior Analyst, you will help drive identification and remediation of security threats and vulnerabilities to protect business operations across our technical teams. 

This is a critical role responsible for overseeing and contributing to the successful execution of technical security remediation activities and initiatives within the business. The role will interface between the wider technology teams and our cyber security team, including our third-party partners, overseeing triage, tracking and remediation of security threats and vulnerabilities that effect the business.

We’re quite passionate about protecting our colleagues and the ASOS brand, so we would love someone who can thrive and develop on an ever growing and changing security landscape.

The Details: 

• Assist the Threat & Vulnerability Manager in the delivery of all ASM team services, providing guidance, support, and mentorship to more junior members of the team and maximise individual and team performance
• Conduct vulnerability assessments both internally and externally, utilising vulnerability scanning and penetration testing tools and technologies
• Identify, evaluate, and prioritise vulnerabilities based on the severity, exploitability, and potential impact on the organisation's infrastructure and systems
• Work closely with technical delivery, DevOps and Platform teams to triage and remediate security threats and vulnerabilities, and promote SDLC policy and processes
• Develop and execute vulnerability management programs, policies, and procedures to ensure continuous improvement in security posture
• Perform risk assessments and provide actionable recommendations for the deployment of security controls and countermeasures in response to identified vulnerabilities
• Collaborate with our MSSP partner and the incident response team in investigating and responding to security incidents, providing expertise and support in the utilisation of security technologies to identify, contain, and remediate threats

Qualifications

About you: 

• Proven experience working in vulnerability management
• Working knowledge of OWASP, MITRE, CVSS and other standards/frameworks relevant to application security and vulnerability management
• Proficient in using vulnerability scanning tools such as Nessus, Qualys, Rapid7, Wiz, OpenVAS, and penetration testing frameworks like Metasploit.
• Knowledge of security and risk frameworks, plus regulatory compliance frameworks (e.g., PCI DSS, HIPAA, ISO 27001)
• Relevant certifications like Certified Information Systems Security Professional (CISSP), Security+, CompTIA Cybersecurity Analyst (CySA+) or Certified in Cybersecurity (CC) are highly desirable
• Strong analytical skills to prioritise vulnerabilities, assess risk, and recommend suitable mitigation strategies 

Additional Information

BeneFITS’ 

• Employee discount (hello ASOS discount!) 
• ASOS Develops (personal development opportunities across the business) 
• Employee sample sales  
• Access to a huge range of LinkedIn learning materials 
• 25 days paid annual leave + an extra celebration day for a special moment 
• Discretionary bonus scheme  
• Private medical care scheme 
• Flexible benefits allowance - which you can choose to take as extra cash, or use towards other benefits