We’re here to unite the conditioning community. We believe that putting the sweat in today prepares us for tomorrow. So, we give people the tools they need to reach further, go faster, be stronger. We celebrate those who show up – for themselves – to be their physical or mental best, whatever that means for them. It’s what we want for our community, and our team. A team that’s growing rapidly around the world. A collective of talented individuals working together to invent Gymshark’s future. Our plans are ambitious, and we’re looking for people who want to join us for the ride – our growth will be your growth.
As Gymshark’s Security Vulnerability Management Specialist, you will be responsible for the scoping, scanning, reporting, and remediation plans for vulnerabilities within the Gymshark systems and infrastructure. To ensure the company’s assets, systems and applications are protected, you will perform proactive vulnerability assessments on emerging threats, liaising with stakeholders to address the identified issues.
We have an ambitious strategy that will transform Gymshark’s Security capability, so this role will work closely with the programme workstreams to help deliver tangible risk reduction outcomes to Gymshark.
Are you our next Security Vulnerability Management Analyst? Here’s the role up close:
Management & Support
- Perform analysis of incoming intelligence to identify threats, providing technical and procedural recommendations that will reduce Gymshark’s exposure to cyber-risks.
- Assist in the delivery, implementation, and management of the Vulnerability Management programme.
- Organise network-based scans to identify possible network security attacks and host-based scans to identify vulnerabilities in workstations, servers, and other network hosts (Cloud).
- Understand and stay current with the critical threats to our in-house and Cloud-based IT solutions by continually reviewing intelligence sources for vulnerabilities.
- Provide intelligence-driven vulnerability assessments for Critical/Zero-Day discoveries, highlighting possible next steps.
- Provide internal incident response for the company, collaborating with the supported SOC.
- Identify technical and procedural enhancements and opportunities to improve the capability of the Threat & Vulnerability function.
- Champion a proactive approach to addressing the changing threat landscape by recommending architectural improvements to security infrastructure.
- Provide and support the delivery of technical and executive-level risk-based reporting on the threat and vulnerability landscape specific to Gymshark.
- Hold relationships with vendor/third-party supplier PSIRT (Product Security Incident Response Team) entities.
- Ability to work with internal staff & third parties to deliver risk reduction strategies.
- Excellent communication skills with the ability to explain technical security threats & vulnerabilities in business risk terms.
- Compile and track vulnerabilities and mitigation results to quantify programme effectiveness.
- Identify and highlight any current gaps or updates to existing InfraSec Systems, Policies, and Procedures.
- Benchmark Gymshark against key compliance legislation and global security standards.
Knowledge & Opportunities
- Hands-on experience of organising network-based scans to identify possible network security attacks and host-based scans to identify vulnerabilities in workstations, servers, and other network hosts (Cloud).
- Experience with running a vulnerability management programme; scheduling, scanning, tracking, assessment, and mitigation of vulnerabilities.
- Attend relevant 3rd party events & Webinars to further knowledge/skills/contacts within the industry.
- Experience within a Cyber Security/Infrastructure Security Team and/or equivalent.
- General knowledge of current and emerging security technologies, strong information security knowledge.
- Sound operational and working knowledge of vulnerability management systems.
- A high level of organisational skills.
- Ability to work collaboratively with local and international technical and non-technical teams to align on global projects and joint tasks.
- To provide support for Gymshark InfraSec Identity Systems in the event of emergencies – occasionally out of hours if urgent.
- Commercial awareness and creative problem solving, with the ability to think laterally and understand the cost and value drivers within a competitive business environment.
Here are some of the perks we offer:
🙌 Opportunity to work on high traffic, high performing e-commerce systems
🤑 Competitive ‘Win Together, Lose Together’ Bonus
🩺 Full private medical insurance with no excess
🏖 25 days’ holiday + your birthday and all the Bank Holidays, which can be substituted and taken whenever you want.
💻 A truly flexible working culture (role needs someone to come to HQ at least twice a week but not every day).
👥 A collaborative, creative and inspiring working environment
💰 Employer pension contributions up to 7%
🤩 Life Assurance at four times your basic salary
🦈 50% Gymshark Discount & Gymshark Gift Card for each year of service
🥇 Financial, Physical and Mental Wellbeing Support
📚 Great training and learning resources & 10% time for personal development
🖥 Choice of hardware and access to the best software
🤒 Paid time off when you’re physically and mentally unwell
🧸 Very Generous Family Leave package – we support you extending your family
GS Campus Perks:
🍎 Refuel – Healthy fresh food at GSHQ
🏋️ Free Lifting Club (LC) Gym Membership for yourself and two friends/family
👉 Free monthly massages
💈 Beauty and Barber facilities
🚘 Free on-site parking