Infrastructure Engineer (Vulnerability management)

Position

Infrastructure engineer (vulnerability management)

Group

London  

Reports to

Technology Security Manager

Direct reports

0  

Internal relationships

• NBKI Technology teams
• Business colleagues
• Information Security Office

External relationships

• NBK Head Office, Kuwait 
• NBKI Technology partners

Job purpose

The Infrastructure Engineer (Vulnerability Management) is a hands-on technical role aimed at enhancing NBKI's security posture. Positioned within the IT Security team, this role is responsible for addressing open vulnerabilities and assurance findings. The Infrastructure Engineer will remediate vulnerabilities using change and release management methodologies and automate security updates using a suit of patch management tools.

Key responsibilities and accountabilities

• Automate patch management processes using a suite of patch management tools.
• Assess vulnerabilities identified in Tenable scans and determine appropriate technical fixes.
• Collaborate with the Technology Security Manager and the London Information Security Office to agree on remediation plans and actions.
• Implement agreed changes and releases to the IT environment to resolve identified findings.
• Prepare and submit risk acceptance requests if a technical fix cannot be applied.
• Coordinate with NBKI partners to implement changes in the IT environment.
• Lead the technical implementation of a new patch management platform.
• Define and deliver to an agreed plan to resolve vulnerabilities outside of SLA.

Any other tasks related to IT security at the discretion of the Technology Security Manager.

Committee membership/involvement

None at present.

Qualification & Experience

• Hands-on experience with patching servers, appliances, endpoints, and network equipment.
• Hands-on experience with remediating vulnerabilities through configuration changes.
• Hands-on experience managing Group Policy Objects (GPOs) and Azure Policies.
• Hands-on experience deploying and configuring various patching solutions (e.g., SCCM, Intune, ManageEngine).
• Experience configuring and interpreting reports from vulnerability scanning tools.
• Experience working with third-party vendors to deliver changes or perform impact assessments.
• Proficiency in scripting languages (preferred).
• Degree in Computer Science or a related discipline (preferred).
• Experience in IT within financial services (preferred).
• ITIL V3 Foundation qualification (preferred).

Essential Competencies / Skills  

• Analytical thinking
• Planning and Organising
• Effective communication and documentation skills
• Problem solving

Technical Skills

• Microsoft 365 administration
• Microsoft Windows Server
• Microsoft SQL Server
• Microsoft Windows 10
• VMware
• Microsoft Azure
• Microsoft System Center Configuration Manager (formerly SCCM)
• Microsoft Intune
• Other patch management tools (Manage Engine, Syxsense, Ivanti, NinjaOne, etc.)
• Active Directory, DNS and Microsoft CA
• Networking - routers, switches and firewalls (preferred)
• Microsoft 365 Defender (preferred)

Key success factors

• All out of SLA vulnerabilities assigned to IT are remediated
• Average time to remediate vulnerabilities falls due to increased automation
• All out of SLA assurance findings assigned to IT are remediated
• IT’s change and release technical methodologies and approach is matured to increase speed of remediation
• NBKI security terms of reference remain compliant
• NBKI IT security posture improves (KPI performance)
• % of vulnerabilities resolved by automation increases

Any Other Comments

Evening and weekend work will be required to make changes to IT systems out of hours.