Security Incident & Vulnerability Consultant CGEMJP00342904

Preston (Lancashire)
Experis It
Consultant
Posted: 29 May
Offer description

Location: Preston
Job Type: Contract
Industry: Cyber Security
Job reference: BBBH439782_1780052082
Posted: about 5 hours ago

Role Title: Security Incident & Vulnerability Management Consultant

Duration: contract to run until 30/11/2026

Location: Preston. Hybrid 2 days per week onsite

Rate: up to £600 p/d Umbrella inside IR35

Clearance required: Must be MOD SC cleared and be a sole UK national.

SC must have been actively used within the last 12 months and must have 3 months left on the clearance

Role purpose / summary

The Security Incident & Vulnerability Management Consultant operates within the Operational Integrator (OI) function to support the transition to a multi-supplier (SIAM) model within a Defence environment.

The role focuses on understanding, aligning and governing existing high-severity security incident management (S3/S4) and vulnerability management processes across suppliers, ensuring a consistent, risk-based approach in line with client policy and regulatory requirements, supported by appropriate evidence.

The outcome is a coherent, evidence-driven view of security risk, covering both active incidents and underlying vulnerabilities, with processes standardised and ready for BAU handover.

This is a governance and coordination role, not a hands-on SOC, incident response, or vulnerability remediation function.

Key Responsibilities

Governance & Process Alignment

Review and align existing supplier processes for:

  • High-severity incident management (S3/S4)
  • Vulnerability management, across suppliers from existing processes

Ensure processes are:

  • Consistent across suppliers
  • Aligned to client policy and regulatory requirements

Establish and govern:

  • Incident severity classification and escalation thresholds
  • Vulnerability prioritisation approaches (e.g. CVSS, KEV, EPSS)
  • Exception and risk acceptance processes

Supplier Coordination (SIAM Model)

  • Coordinate multiple suppliers to ensure consistent handling of incidents and vulnerabilities
  • Act as the integration point across suppliers, aligning outputs without redesigning underlying processes into a common model
  • Identify and manage gaps in process maturity, coverage, data quality and compliance with standards

Incident Management (S3/S4 Focus)

  • Govern the lifecycle of high-severity incidents, including escalation, coordination, communication and reporting
  • Ensure suppliers:
      • Detect and escalate incidents appropriately
      • Meet defined escalation and communication expectations
      • Maintain structured incident records
  • Define and agree the required level of visibility from SOC outputs, without requiring direct tooling access

Vulnerability Management (SOC-led)

  • Oversee the vulnerability lifecycle from identification through to closure
  • Ensure vulnerabilities are:
      • Prioritised consistently using agreed Client approaches
      • Tracked through remediation or formal risk acceptance
  • Validate, track and monitor:
      • Remediation timelines and SLA adherence
      • Handling of high-risk vulnerabilities, exceptions and waivers
  • Identify risks relating to:
      • Incomplete asset coverage
      • Obsolescent, legacy or non-patchable systems

Evidence & Assurance

  • Define and align evidence requirements for both:
      • Incident management (event, escalation, response, closure)
      • Vulnerability management (identify, track, remediate, validate)
  • Ensure outputs are:
      • Consistent across suppliers
      • Traceable to risks and controls
      • Audit ready
  • Provide assurance that both domains align with ISMS and control requirements

Reporting & Transition Support

  • Support domain-specific reporting for:
      • Major incidents (S3/S4)
      • Vulnerability risk and remediation status
  • Support governance forums with clear, evidence-based reporting
  • Establish a transition baseline that enables a clean handover of processes to BAU without redesign

Key Skills & Experience

Essential

  • Experience in security incident management, vulnerability management, or cyber governance roles
  • Strong understanding of:
      • Incident management lifecycle (detect, respond, recover)
      • Vulnerability lifecycle (identify, prioritise, remediate, validate)
  • Experience working in multi-supplier or SIAM environments
  • Ability to interpret outputs from SOC and vulnerability tooling without direct ownership

Desirable

  • Familiarity with NIST CSF, NCSC or UK Government security guidance
  • Experience in Defence sector or highly regulated environments
  • Exposure to audit, assurance or ISMS processes
  • ITIL alignment

Key Deliverables

  • Standardised and aligned incident and vulnerability management processes
  • Consistent supplier reporting and lifecycle governance
  • Evidence models supporting audit and assurance
  • Established transition baseline for BAU handover

All profiles will be reviewed against the required skills and experience. Due to the high number of applications we will only be able to respond to successful applicants in the first instance. We thank you for your interest and the time taken to apply!
