Vulnerability Manager
other jobs Amtis professional Ltd
Added 7 hours ago
- England, West Midlands, Birmingham
- Full Time, Permanent
- £70,000 - £80,000 per annum
Job Description:
Vulnerability Manager
Hybrid role - Birmingham on site 2-3 days per week
£70,000 - £80,000 per annum (DOE)
12-Month Fixed Term Contract
We have an exciting opportunity for a Vulnerability Manager to join a high-performing Business Change and Technology function on a 12-month fixed term salaried contract.
Reporting into the Information Security Manager, you will be responsible for managing, maintaining, and continuously improving the vulnerability management programme across a complex enterprise technology estate. This includes the identification, assessment, prioritisation, and remediation tracking of security vulnerabilities across on-premises systems, cloud environments, networks, applications, and endpoint devices.
This role plays a critical part in ensuring the organisation’s technology environment remains secure, resilient, and aligned with internal security policies, legal and regulatory requirements, and industry best practice.
The Opportunity - Vulnerability Manager
Vulnerability Management & Analysis
* Lead the end-to-end vulnerability management lifecycle, including discovery, scanning, validation, prioritisation, reporting, and remediation tracking.
* Operate and optimise vulnerability scanning platforms (e.g. Microsoft Defender Vulnerability Management, Edgescan, or equivalent).
* Conduct regular internal and external vulnerability assessments across infrastructure, applications, and cloud environments.
* Validate and analyse vulnerability data to ensure findings are accurate, contextualised, and relevant to the organisation’s operational environment.
* Identify and assess critical vulnerabilities and zero-day threats, determining when expedited remediation is required.
* Assess vulnerability severity based on real-world exploitability, considering threat intelligence, exposure, asset criticality, and compensating controls.
* Maintain a defensible position on exploitable vs non-exploitable vulnerabilities, clearly documenting risk decisions and rationale.
* Assess and articulate business risk based on exploitability, asset value, and threat intelligence.
Remediation Coordination
* Work closely with internal technical teams and third-party partners to ensure vulnerabilities are remediated within agreed SLAs and risk tolerances.
* Develop remediation plans, monitor progress, and escalate high-risk issues where necessary.
* Support patch governance activities, ensuring both routine and emergency patching meets security requirements.
Security Governance & Compliance
* Ensure vulnerability management activities align with internal information security policies, standards, and procedures.
* Support compliance with relevant regulatory and security frameworks (e.g. GDPR, PCI DSS).
* Produce regular vulnerability risk reports, dashboards, and KPIs for senior stakeholders.
* Provide evidence and reporting to support audits, penetration tests, and regulatory reviews.
Threat Intelligence & Continuous Improvement
* Integrate threat intelligence to prioritise remediation of actively exploited or high-risk vulnerabilities.
* Recommend and drive improvements to tools, processes, automation, and reporting to enhance programme maturity.
* Stay current with emerging vulnerabilities, zero-day threats, and vendor advisories.
* Support incident response activities where vulnerabilities are linked to potential security events.
What You’ll Bring
* Proven experience in vulnerability management, cyber s
Job number 3389530