Overview
Vulnerability Manager – Hybrid role, Birmingham, on-site 2-3 days per week. Salary: £70,000 - £80,000 per annum (DOE). 12-Month Fixed Term Contract.

Reporting to the Information Security Manager, you will be responsible for managing, maintaining, and continuously improving the vulnerability management programme across a complex enterprise technology estate. This includes the identification, assessment, prioritisation, and remediation tracking of security vulnerabilities across on-premises systems, cloud environments, networks, applications, and endpoint devices.
The Opportunity
Vulnerability Management & Analysis
* Lead the end-to-end vulnerability management lifecycle, including discovery, scanning, validation, prioritisation, reporting, and remediation tracking.
* Operate and optimise vulnerability scanning platforms (e.g. Microsoft Defender Vulnerability Management, Edgescan, or equivalent).
* Conduct regular internal and external vulnerability assessments across infrastructure, applications, and cloud environments.
* Validate and analyse vulnerability data to ensure findings are accurate, contextualised, and relevant to the organisation's operating environment.
* Identify and assess critical vulnerabilities and zero-day threats, determining when expedited remediation is required.
* Assess vulnerability severity based on real-world exploitability, considering threat intelligence, exposure, asset criticality, and compensating controls.
* Maintain a defensible position on exploitable vs non-exploitable vulnerabilities, clearly documenting risk decisions and rationale.
* Assess and articulate business risk based on exploitability, asset value, and threat intelligence.
Remediation Coordination
* Work closely with internal technical teams and third‑party partners to ensure vulnerabilities are remediated within agreed SLAs and risk tolerances.
* Develop remediation plans, monitor progress, and escalate high‑risk issues where necessary.
* Support patch governance activities, ensuring both routine and emergency patching meets security requirements.
Security Governance & Compliance
* Ensure vulnerability management activities align with internal information security policies, standards, and procedures.
* Support compliance with relevant regulatory and security frameworks (e.g. GDPR, PCI DSS).
* Produce regular vulnerability risk reports, dashboards, and KPIs for senior stakeholders.
* Provide evidence and reporting to support audits, penetration tests, and regulatory reviews.
Threat Intelligence & Continuous Improvement
* Integrate threat intelligence to prioritise remediation of actively exploited or high‑risk vulnerabilities.
* Recommend and drive improvements to tools, processes, automation, and reporting to enhance programme maturity.
* Stay current with emerging vulnerabilities, zero‑day threats, and vendor advisories.
* Support incident response activities where vulnerabilities are linked to potential security events.
What You'll Bring
* Proven experience in vulnerability management, cyber security operations, or a related technical security role.
* Strong hands-on experience with vulnerability management tooling (e.g. Microsoft Defender Vulnerability Management, Edgescan, or similar).
* Solid understanding of cloud platforms (Azure), operating systems (Windows, Linux), networking, and enterprise technologies.
* Strong knowledge of CVSS scoring, exploit analysis, and risk‑based prioritisation.
* Experience working in large, complex enterprise environments.
* Familiarity with regulatory and compliance requirements relevant to vulnerability management.
* Knowledge of SIEM, SOAR, EDR, and associated security tooling.
* Strong analytical skills with the ability to translate technical risk into clear, executive-level reporting.
* Experience supporting incident response and investigations.
* Excellent stakeholder management skills, with the confidence to challenge and influence both technical and non-technical teams.
* Strong understanding of patch management processes and operational constraints in business-critical environments.
* Able to manage multiple competing priorities and make pragmatic, risk-based decisions.
Qualifications
* Proven hands‑on experience in vulnerability management or cyber security operations.
* Demonstrable understanding of security principles, standards, and methodologies.
* One or more of the following certifications preferred: CISM, CISSP, CEH, CompTIA Security+, CompTIA CySA+, GIAC GVMS.