Overview
Threat & Exposure Management Consultant
Start: ASAP
Duration: 6-12 months
Location: London (2-3 days per week)
Pay: negotiable DoE, INSIDE IR35
The Role: We are seeking an experienced Threat & Vulnerability Management Specialist to lead the end-to-end process of identifying, assessing, and remediating security vulnerabilities across IT and cloud platforms. This role acts as a critical link between security operations and business stakeholders, ensuring the organisation remains resilient against evolving cyber threats.
Key Responsibilities
* Lead the vulnerability management lifecycle: assessment, risk analysis, prioritisation, and remediation tracking
* Monitor the threat landscape and provide timely intelligence to reduce risk exposure
* Support incident response efforts through threat attribution, malware analysis, and defensive recommendations
* Conduct proactive threat hunting and investigation using known TTPs
* Utilise tools such as CrowdStrike Falcon for detection, endpoint protection, and exposure management
* Communicate threat insights and remediation plans to both technical and non-technical stakeholders
* Maintain relevant documentation, risk metrics, and support the development of threat processes
Essential Skills & Experience
* Strong technical background with scripting ability (e.g. Python)
* Proven threat hunting experience and malware analysis skills
* Good understanding of OWASP Top 10, DevSecOps threats, and cloud architectures (Azure, AWS)
* Experience with vulnerability management, incident response, and security operations tools (e.g. ServiceNow, Remedy)
* Familiarity with operating systems (Windows, Linux, Unix), databases (SQL, Oracle, Mongo), and cloud-based security controls
* Strong communication skills, both written and verbal
* Proficient in producing documentation, dashboards, and reporting
* Hands-on experience with CrowdStrike Falcon and associated modules
Desirable
* 3–5+ years in threat or vulnerability management, DevSecOps, or penetration testing
* Experience in agile environments and cross-functional teams
* Knowledge of cloud security best practices
* Industry certifications such as OSCP, CRTO, GPEN, AWS/Azure Security Certifications
#J-18808-Ljbffr