Vulnerability Manager

Solihull
3 days ago

Hybrid role – Birmingham on site 2–3 days per week
£70,000 – £80,000 per annum (DOE)
12‑Month Fixed Term Contract
We have an exciting opportunity for a Vulnerability Manager to join a high‑performing Business Change and Technology function on a 12‑month fixed term salaried contract.
Reporting into the Information Security Manager, you will be responsible for managing, maintaining, and continuously improving the vulnerability management programme across a complex enterprise technology estate. This includes the identification, assessment, prioritisation, and remediation tracking of security vulnerabilities across on‑premises systems, cloud environments, networks, applications, and endpoint devices.
This role plays a critical part in ensuring the organisation’s technology environment remains secure, resilient, and aligned with internal security policies, legal and regulatory requirements, and industry best practice.
The Opportunity – Vulnerability Manager
Vulnerability Management & Analysis
  • Lead the end‑to‑end vulnerability management lifecycle, including discovery, scanning, validation, prioritisation, reporting, and remediation tracking.
  • Operate and optimise vulnerability scanning platforms (e.g. Microsoft Defender Vulnerability Management, Edgescan, or equivalent).
  • Conduct regular internal and external vulnerability assessments across infrastructure, applications, and cloud environments.
  • Validate and analyse vulnerability data to ensure findings are accurate, contextualised, and relevant to the organisation’s operational environment.
  • Identify and assess critical vulnerabilities and zero‑day threats, determining when expedited remediation is required.
  • Assess vulnerability severity based on real‑world exploitability, considering threat intelligence, exposure, asset criticality, and compensating controls.
  • Maintain a defensible position on exploitable vs non‑exploitable vulnerabilities, clearly documenting risk decisions and rationale.
  • Assess and articulate business risk based on exploitability, asset value, and threat intelligence.
Remediation Coordination
  • Work closely with internal technical teams and third‑party partners to ensure vulnerabilities are remediated within agreed SLAs and risk tolerances.
  • Develop remediation plans, monitor progress, and escalate high‑risk issues where necessary.
  • Support patch governance activities, ensuring both routine and emergency patching meets security requirements.
Security Governance & Compliance
  • Ensure vulnerability management activities align with internal information security policies, standards, and procedures.
  • Support compliance with relevant regulatory and security frameworks (e.g. GDPR, PCI DSS).
  • Produce regular vulnerability risk reports, dashboards, and KPIs for senior stakeholders.
  • Provide evidence and reporting to support audits, penetration tests, and regulatory reviews.
Threat Intelligence & Continuous Improvement
  • Integrate threat intelligence to prioritise remediation of actively exploited or high‑risk vulnerabilities.
  • Recommend and drive improvements to tools, processes, automation, and reporting to enhance programme maturity.
  • Stay current with emerging vulnerabilities, zero‑day threats, and vendor advisories.
  • Support incident response activities where vulnerabilities are linked to potential security events.
What You’ll Bring
  • Proven experience in vulnerability management, cyber security operations, or a related technical security role.
  • Strong hands‑on experience with vulnerability management tooling (e.g. Microsoft Defender Vulnerability Management, Edgescan, or similar).
  • Solid understanding of cloud platforms (Azure), operating systems (Windows, Linux), networking, and enterprise technologies.
  • Strong knowledge of CVSS scoring, exploit analysis, and risk‑based prioritisation.
  • Experience working in large, complex enterprise environments.
  • Familiarity with regulatory and compliance requirements relevant to vulnerability management.
  • Knowledge of SIEM, SOAR, EDR, and associated security tooling.
  • Strong analytical skills with the ability to translate technical risk into clear, executive‑level reporting.
  • Experience supporting incident response and investigations.
  • Excellent stakeholder management skills, with the confidence to challenge and influence both technical and non‑technical teams.
  • Strong understanding of patch management processes and operational constraints in business‑critical environments.
  • Able to manage multiple competing priorities and make pragmatic, risk‑based decisions.
Qualifications
  • Proven hands‑on experience in vulnerability management or cyber security operations.
  • Demonstrable understanding of security principles, standards, and methodologies.
  • One or more of the following certifications preferred:
    CISM, CISSP, CEH, CompTIA Security+, CompTIA CySA+, GIAC GVMS
