Find & Fix / Vulnerability Engineer:
Active UK SC Clearance is essential
Hybrid – 1 day onsite per week from Stevenage or Filton
We are seeking a Vulnerability Management Engineer to take ownership of the full lifecycle of vulnerability management across both internal systems and client environments. This is a key role focused on improving security posture through effective identification, prioritisation, and remediation of vulnerabilities across cloud and on-prem environments.
The Role
You will be responsible for driving vulnerabilities through to full resolution—ensuring issues are not just identified but properly remediated, verified, and evidenced. Working closely with cross-functional teams, you will help balance risk reduction with operational stability while embedding secure practices at scale.
Key Responsibilities
Own the end-to-end vulnerability remediation lifecycle — from identification and validation through to remediation, verification, and closure
Remediate cloud security issues using tools such as:
Microsoft Defender for Cloud
Azure Advisor
AWS Inspector & Security Hub
Conduct on-prem vulnerability scanning and coordinate remediation activities
Translate security advisories into clear, actionable remediation tasks for engineering teams
Resolve OS and application vulnerabilities via patching, hardening, and control implementation
Collaborate with infrastructure, platform, and application teams to deploy fixes safely (including change control, testing, and rollback planning)
Maintain comprehensive documentation and audit evidence, including root cause analysis and validation
Produce regular reporting on vulnerability trends, SLA performance, and residual risk
Deliver remediation at scale using DevOps practices and Infrastructure as Code (Terraform)
Continuously improve vulnerability management processes and security baselines
Environment
Hybrid cloud: Azure & AWS
On-prem infrastructure environments
Security tooling and enterprise vulnerability management frameworks
Cross-functional collaboration across engineering, security, and operations teams
Key Requirements
Proven experience in vulnerability management and remediation
Strong exposure to Azure, AWS, and on-prem environments
Experience with vulnerability scanning and security tools
Understanding of security frameworks and best practices
DevOps mindset with experience in automation, IaC (Terraform), and scalable solutions
Strong stakeholder management and communication skills
Active UK SC Clearance is essential