Full-time

Vulnerability Manager

Posted on 05 February 26 by James Warwick

  • Birmingham
  • £65000 - £75000

Job Description

Vulnerability Manager

Hybrid role – Birmingham on site 2–3 days per week

£65,000 – £75,000 per annum (DOE)

12‑Month Fixed Term Contract

We have an exciting opportunity for a Vulnerability Manager to join a high‑performing Business Change and Technology function on a 12‑month fixed term salaried contract.

Reporting into the Information Security Manager, you will be responsible for managing, maintaining, and continuously improving the vulnerability management programme across a complex enterprise technology estate. This includes the identification, assessment, prioritisation, and remediation tracking of security vulnerabilities across on‑premises systems, cloud environments, networks, applications, and endpoint devices.

This role plays a critical part in ensuring the organisation’s technology environment remains secure, resilient, and aligned with internal security policies, legal and regulatory requirements, and industry best practice.

The Opportunity – Vulnerability Manager

Vulnerability Management & Analysis

  • Lead the end‑to‑end vulnerability management lifecycle, including discovery, scanning, validation, prioritisation, reporting, and remediation tracking.
  • Operate and optimise vulnerability scanning platforms (e.g. Microsoft Defender Vulnerability Management, Edgescan, or equivalent).
  • Conduct regular internal and external vulnerability assessments across infrastructure, applications, and cloud environments.
  • Validate and analyse vulnerability data to ensure findings are accurate, contextualised, and relevant to the organisation’s operational environment.
  • Identify and assess critical vulnerabilities and zero‑day threats, determining when expedited remediation is required.
  • Assess vulnerability severity based on real‑world exploitability, considering threat intelligence, exposure, asset criticality, and compensating controls.
  • Maintain a defensible position on exploitable vs non‑exploitable vulnerabilities, clearly documenting risk decisions and rationale.
  • Assess and articulate business risk based on exploitability, asset value, and threat intelligence.

Remediation Coordination

  • Work closely with internal technical teams and third‑party partners to ensure vulnerabilities are remediated within agreed SLAs and risk tolerances.
  • Develop remediation plans, monitor progress, and escalate high‑risk issues where necessary.
  • Support patch governance activities, ensuring both routine and emergency patching meets security requirements.

Security Governance & Compliance

  • Ensure vulnerability management activities align with internal information security policies, standards, and procedures.
  • Support compliance with relevant regulatory and security frameworks (e.g. GDPR, PCI DSS).
  • Produce regular vulnerability risk reports, dashboards, and KPIs for senior stakeholders.
  • Provide evidence and reporting to support audits, penetration tests, and regulatory reviews.

Threat Intelligence & Continuous Improvement

  • Integrate threat intelligence to prioritise remediation of actively exploited or high‑risk vulnerabilities.
  • Recommend and drive improvements to tools, processes, automation, and reporting to enhance programme maturity.
  • Stay current with emerging vulnerabilities, zero‑day threats, and vendor advisories.
  • Support incident response activities where vulnerabilities are linked to potential security events.

What You’ll Bring

  • Proven experience in vulnerability management, cyber security operations, or a related technical security role.
  • Strong hands‑on experience with vulnerability management tooling (e.g. Microsoft Defender Vulnerability Management, Edgescan, or similar).
  • Solid understanding of cloud platforms (Azure), operating systems (Windows, Linux), networking, and enterprise technologies.
  • Strong knowledge of CVSS scoring, exploit analysis, and risk‑based prioritisation.
  • Experience working in large, complex enterprise environments.
  • Familiarity with regulatory and compliance requirements relevant to vulnerability management.
  • Knowledge of SIEM, SOAR, EDR, and associated security tooling.
  • Strong analytical skills with the ability to translate technical risk into clear, executive‑level reporting.
  • Experience supporting incident response and investigations.
  • Excellent stakeholder management skills, with the confidence to challenge and influence both technical and non‑technical teams.
  • Strong understanding of patch management processes and operational constraints in business‑critical environments.
  • Able to manage multiple competing priorities and make pragmatic, risk‑based decisions.

Qualifications

  • Proven hands‑on experience in vulnerability management or cyber security operations.
  • Demonstrable understanding of security principles, standards, and methodologies.
  • One or more of the following certifications preferred:
    CISM, CISSP, CEH, CompTIA Security+, CompTIA CySA+, GIAC GVMS

Job Information

Rate / Salary

£65000 - £75000

Sector

IT

Category

Not Specified

Skills / Experience

ambiguous

Benefits

Not Specified

Our Reference

JOB-1271

Job Location