Enterprise Security Posture Management (ESPM) Lead

About The Position

Requirements

• Cybersecurity, with direct exposure to cloud security, API security, vulnerability mitigation, or threat exposure reduction
• Implementing CSPM, CNAPP, SSPM, and API security solutions in large enterprises
• Cloud architectures (AWS, Azure, GCP), attack paths, adversary emulation, and continuous validation concepts
• Developing and operationalizing risk-based prioritization models for cloud and API exposures
• Ability to influence across technology, risk, and business domains, evaluative and communication abilities, with a focus on measurable outcomes

Nice To Haves

• Experience in financial services or other regulated sectors
• MITRE ATT&CK/CTID, CISA Secure-by-Design, NIST CSF 2.0/CRI Profile, DORA/FFIEC exposure frameworks
• Certifications such as CISSP, OSCP, or cloud security specialist credentials
• Ability to build data-driven dashboards for exposure visibility and remediation governance

Responsibilities

• Allocation of the correct risk rating and remediation prioritisation to a vulnerability based on industry standards for assessment, available threat intelligence concerning exploitation, the reachability of the host (or asset) and the value of the service(s) running on the impacted host.
• Development of vulnerability management operating model, policies and procedures to ensure consistency in vulnerability identification, remediation and reporting.
• Element owner of the Vulnerability Management Standard including Issues Management and Regulatory alignment.
• Communication of vulnerabilities to relevant parties including senior stakeholders, vendors, external security partners and affect business units using reports and dashboards and provide recommendations for improvement in vulnerability management practices.
• Collaboration with Threat intelligence and Cyber Operations teams to assess and contextualise exposure to latest threat trends and exploits and set appropriate remediation timescales.
• Definition of requirements and acceptance criteria for the implementation and maintenance of automation tools to streamline vulnerability management processes within operating systems and applications.
• Reporting of remediation status of Security Assurance Specialist team findings against Key Risk Indicators.

Benefits

• Barclays employees are eligible for a suite of competitive and generous employee benefits, including medical, dental and vision coverage, 401(k), life insurance, and other paid leave for qualifying circumstances.
• This position is eligible for an incentive award.