Contract Type: Permanent
Location: Alderley Edge OR Edinburgh
Working style: Hybrid 50% home/office based
Closing date: 21st January 2026
About The Role
The Attack Surface Management (ASM) team is part of Royal London’s Group Operational Resilience team, reporting to the Group Chief Security Officer. Our mission is to protect Royal London Group’s (RLG’s) information and data by continuously identifying, assessing, and reducing our exposure to cyber threats. We work closely with the business to ensure our digital footprint is secure and aligned with our risk appetite and compliance requirements.
Key Responsibilities
* Support the Cyber Threat Intelligence (CTI) team in:
  * Identifying and assessing potential cyber threats to the organisation.
  * Sharing information with other cyber functions to enhance defences, including detection and speeding up response.
  * Clearly articulating the risk and relevance of intelligence to key stakeholders.
* Support the Cyber Threat Testing (CTT) team in:
  * Communicating effectively with third‑party suppliers to schedule and maintain external penetration tests.
  * Liaising with internal stakeholders to smoothly facilitate external penetration tests.
  * Reviewing incoming penetration testing reports and ensuring this information is shared with relevant stakeholders to improve RLG’s defences.
* Support the Threat and Vulnerability Management (TVM) team in:
  * Reviewing vulnerability attack vectors from cyber threat intelligence to prioritise the issues which pose the greatest risk to the group and clearly articulating this risk to key stakeholders.
  * Leveraging market‑leading vulnerability management tools to identify, assess, and coordinate the remediation of vulnerabilities effectively.
  * Reviewing asset inventory accuracy and ensuring authentication is successfully applied.
* Assist with presentations to both technical and non‑technical audiences in written and verbal formats to ensure situational awareness across cyber.
* Continuously learn, adapt, and expand our skillset as threat actors evolve.
* Participate in the implementation of the group’s Attack Surface Management model.
About You
* A genuine interest in cyber security and a desire to build a career in this field.
* An understanding of cyber risk and threats; awareness of the current state of the cyber threat landscape is desirable but not essential.
* Some knowledge of technical areas such as attack surface discovery, network and infrastructure fundamentals, cloud and SaaS environments, web and API security, and threat intelligence concepts (e.g., intelligence lifecycle, diamond model).
* Some knowledge of industry‑leading security tools such as proactive security tooling and vulnerability management platforms.
* Ideally hold a degree in a technical subject such as (but not limited to) cyber security, information security, or information technology.
* Ideally hold or be currently working towards at least one professional security certification, such as Security+, CPSA, GCTI, or CEH.
* High level of accuracy and attention to detail, with an analytical and methodical approach to demanding technical challenges.
* Positive, can‑do attitude and a service‑oriented mindset.
* Previous experience in a regulated environment, especially in financial services, is desirable.
About Royal London
We are the UK’s largest mutual life, pensions, and investment company, offering protection, long‑term savings and asset management products and services. Our People Promise to our colleagues is that we will all work somewhere inclusive, responsible, enjoyable and fulfilling. This is underpinned by our Spirit of Royal London values of: Empowered, Trustworthy, Collaborate, Achieve.
We reward employees with great workplace benefits such as 28 days annual leave in addition to bank holidays, an up to 14% employer matching pension scheme and private medical insurance.
Inclusion, diversity and belonging
We’re an inclusive employer. We celebrate and value different backgrounds and cultures across Royal London. Our diverse people and perspectives give us a range of skills which are recognised and respected – whatever their background.
Seniority level
* Entry level
Employment type
* Full-time
Job function
* Engineering and Information Technology