Cyber Threat & Vulnerability Lead required to join a globally recognised SaaS company, leading the vulnerability management function and helping shape security strategy in a modern, high-impact environment.
The Company
This is a globally recognised SaaS company delivering services at scale across multiple regions. Security is embedded into the way the business operates, ensuring platforms, data, and users are protected from evolving cyber threats. Maintaining robust, resilient systems is critical to keeping services reliable and customers confident.
You'll be joining a modern, cloud-oriented environment where security is embedded into product development, infrastructure, and operational strategy. The company is currently renewing its security stack and introducing new tools, giving you the chance to influence direction, shape strategy, and make your voice heard. Automation is at the core of the roadmap, and you'll be part of a passionate, transparent, and collaborative team that values open communication and shared success.
The Role
As the Vulnerability & Threat Management Specialist, you'll lead the maturity and execution of the vulnerability management function ensuring the business has continuous insight into its risk exposure and the capability to respond effectively.
You'll own the design and delivery of scanning strategies across a hybrid estate, including on-prem, cloud, and containerised infrastructure. Working with platforms such as,, and Nessus, you'll ensure coverage, clarity, and control over how vulnerabilities are identified, assessed, and remediated.
You'll collaborate closely with infrastructure, engineering, and security teams - helping translate scan results into prioritised, risk-based action plans, supported by data and threat intelligence. Beyond the technical, you'll play a key role in aligning the organisation to industry standards and frameworks, helping take the business on a maturity journey.
What You'll Be Doing
* Implementing and optimising the full vulnerability management lifecycle from configuring and running scans to analysing results and driving remediation.
* Defining scope, ensuring accurate asset coverage, integrating platforms like ServiceNow and Splunk, and using threat intel to enhance prioritisation.
* Building dashboards and KPIs that provide clear visibility to senior stakeholders.
* Supporting security and compliance initiatives, audits, and regulatory needs related to infrastructure and application risk.
* Playing a key role in security stack renewals and tool selection, helping shape automation and integration efforts.
* Influencing policy, shaping standards, and aligning practices with frameworks such as NIST, CIS Controls, or MITRE ATT&CK.
* Communicating with a wide range of stakeholders, including system owners and business leaders, to drive collaboration and shared accountability.
What We're Looking For
We're looking for a cyber professional with proven experience in vulnerability management, ideally with direct exposure to,, and Nessus. You'll understand how to operate these platforms effectively in large-scale, complex environments and how to turn findings into meaningful risk reduction.
You'll bring:
* Understanding of modern infrastructure (cloud, virtualisation, containerisation).
* Knowledge of operating systems, networking, and secure configurations.
* Familiarity with frameworks such as NIST, CIS Controls, or MITRE ATT&CK.
* An appreciation for automation and how it enhances security effectiveness.
* Excellent communication skills to engage technical teams, system owners, and senior leadership.
* A collaborative mindset, thriving in an environment built on honesty, transparency, and teamwork.
The Offer
You'll receive a competitive salary of up to £70,000, plus bonus opportunity and a comprehensive benefits package including private healthcare, enhanced pension, generous leave, and wellness support.
The role offers flexible hybrid working, with just two days per week onsite in a modern, Edinburgh city centre office.
This is an opportunity to take ownership of a core pillar of the cyber security strategy in a modern, high-impact SaaS environment while working in a team that is open, honest, and highly collaborative.
If this sounds of interest, please apply or reach out to Murray Simpson.