About The Role Join the Information Security Engineering team at John Lewis Partnership to help build a secure future for an iconic brand. We work to protect our customers, Partners, and business against an ever-evolving cyber threat landscape. The John Lewis Partnership’s Information Security strategy is bold and ambitious. We provide a collection of security services, delivered via people, processes and technology. Working collaboratively, these services ensure that customers can shop with us efficiently, safely and securely, every single day. Our Threat Defence team is at the forefront of our cyber resilience, proactively monitoring threats, identifying vulnerabilities, and engineering robust security defences. As a Senior Information Security Analyst focusing on Vulnerability Management, you'll be instrumental in identifying, assessing, and driving the remediation of vulnerabilities across our diverse technology estate. You'll empower our Security Operations Centre to stay ahead of the latest threats by ensuring we understand and address our risk posture effectively. This is a pivotal role where your expertise will directly strengthen our defences and protect millions of customers and Partners. This is a great opportunity to directly shape our security posture, getting hands-on with leading vulnerability management tools. You'll thrive in an agile, supportive, and highly collaborative team where innovation isn't just encouraged, it's expected. At a Glance • Salary: £50,000 - £70,000 depending on experience • Contract type: Permanent • Hybrid Working: Based at our Bracknell Head Office with a flexible hybrid model (typically 1 day per week in the office, primarily Tuesdays, with ad-hoc visits as required by business needs). We support a healthy work-life balance. What You’ll Be Doing: In this hands-on technical analysis role, you will: • Lead the identification and assessment of vulnerabilities across our applications, infrastructure, and cloud environments using our established tooling • Develop, refine, and optimise vulnerability scanning profiles, dashboards and reports to ensure comprehensive coverage and actionable insights • Analyse vulnerability data to prioritise risks, identify trends, and provide clear, actionable remediation guidance to relevant technology teams • Collaborate closely with development, operations, and infrastructure teams to ensure timely and effective remediation of identified vulnerabilities • Contribute to the continuous improvement of our vulnerability management processes, policies, and procedures, aligning with industry best practices • Provide vulnerability context and analysis to support incident response activities. What You’ll Have (Essential Skills): • Extensive proven experience in a Vulnerability Management role • Proven hands-on experience with vulnerability management platforms, such as Qualys • Strong understanding of vulnerability assessment methodologies and risk scoring (e.g. CVSS) • Strong collaboration skills working with application and infrastructure teams within a security context • In-depth working knowledge of security best practices and frameworks (e.g., Mitre ATT&CK, OWASP Top 10, NIST). Even Better If You Have (Desirable Skills): • Knowledge of cloud security vulnerabilities and associated scanning techniques (specific experience with Google Cloud vulnerabilities would be of particular benefit) • Experience with scripting or automation to enhance vulnerability management processes (e.g. Python) and to drive efficiency and innovation • Familiarity with patch management processes and tools • Relevant Information Security certifications (e.g. CompTIA Security+, CySA+, CEH, CISSP) or a related degree. Ready to Apply? • Simply upload your CV and complete our application questions. We advise saving the application questions to a separate document before entering on Workday for future reference. • Internal Applicants - Please click here to view the job outline - Job Outline - SENIOR INFORMATION SECURITY ANALYST.pdf About The Partnership We’re the largest employee owned business in the UK and home of our cherished brands, John Lewis and Waitrose. We’re not just employees, we’re Partners, driven by our purpose to build a happier world. As we look to our future, there’s never been a more exciting time to join us. We’re ruthlessly focused on being brilliant at retail. We continue to innovate, adapt and diversify. Never Knowingly Undersold on price, quality and service in John Lewis and passionately serving food-lovers in Waitrose. As Partners we all share the responsibility of ownership and in its rewards. We use our voices to contribute to our success, working together through the good and challenging times, holding true to our behaviours and treating everyone with kindness and respect. We all own making the Partnership somewhere we belong. Embracing our differences and creating an environment where we’re free to be ourselves and can THRIVE. Growing ourselves individually, and as a collective. As Partners, we make all the difference. And, we all own it. Important points to note: It’s important to note that some of our roles are subject to pre-employment vetting (which may include DBS checks for successful candidates). If required, you’ll be informed and provided with information about vetting during the recruitment process and we encourage you to complete any vetting documents quickly to avoid delays. Any DBS checks required will be carried out by a third-party registered body and financial probity checks may also be required for some of our roles. We also recommend that you apply as soon as possible as vacancies can close early if we see a high number of applicants. We want all of our Partners to have a good work-life balance and we support flexible working. This might mean flexible or compressed hours, job sharing or shorter hour contracts, where possible. Please discuss this further with the hiring manager during your interview.