Job Description We are seeking a Vulnerability Analyst to support and enhance Frasers Group’s cybersecurity capabilities by identifying, assessing, and helping remediate vulnerabilities across our global retail, digital, and enterprise environments. Reporting to the SecOps Manager, this role will focus on the day-to-day delivery of vulnerability management activities. The Vulnerability Analyst will play a hands-on role in identifying security weaknesses, assessing risk, and working with technical and operational teams to ensure timely remediation. The role will also support the coordination of operational penetration testing activities, ensuring testing is effectively scheduled, delivered, and tracked through to remediation. Working closely with risk and operational teams, the Vulnerability Analyst will help translate technical findings into business risk, ensuring vulnerabilities are prioritised based on real-world impact and exploitability. By combining vulnerability data with threat context and operational insight, the role will contribute to reducing the organisation’s overall attack surface. In addition, the role will support security monitoring and incident response activities when required, particularly in identifying vulnerabilities linked to active threats. Key Responsibilities Support the delivery of the vulnerability management programme across enterprise, cloud, and retail environments. Perform regular vulnerability assessments using scanning tools, security platforms, and threat intelligence sources. Analyse and triage vulnerabilities, prioritising remediation based on risk, exploitability, and business impact. Support the coordination of operational penetration testing activities, including scheduling, scoping, and tracking remediation of findings. Ensure penetration testing results are clearly documented, prioritised, and fed into remediation workflows. Work closely with risk and operational teams to identify vulnerabilities associated with high-risk processes or emerging threats. Collaborate with engineering, infrastructure, and operational teams to track and support remediation of identified vulnerabilities. Monitor and report on vulnerability status, risks, and remediation progress to the SecOps Manager and relevant stakeholders. Support incident response activities by identifying root-cause vulnerabilities and contributing to remediation actions. Assist in improving vulnerability scanning coverage, tooling, and processes. Contribute to identifying attack paths and systemic weaknesses within the environment. Apply industry frameworks such as MITRE ATT&CK and CVSS to support vulnerability assessment and prioritisation. Support integration of vulnerability data into monitoring and ticketing systems. Document findings, remediation actions, and lessons learned to support knowledge sharing. Work with operational teams to support secure configuration and reduce recurring vulnerabilities.