Vulnerability Manager

Solihull
2 months ago
Applications closed

Vulnerability Manager
Hybrid role – Birmingham on site 2–3 days per week
£70,000 – £80,000 per annum (DOE)
12‑Month Fixed Term Contract
We have an exciting opportunity for a Vulnerability Manager to join a high‑performing Business Change and Technology function on a 12‑month fixed term salaried contract.
Reporting into the Information Security Manager, you will be responsible for managing, maintaining, and continuously improving the vulnerability management programme across a complex enterprise technology estate. This includes the identification, assessment, prioritisation, and remediation tracking of security vulnerabilities across on‑premises systems, cloud environments, networks, applications, and endpoint devices.
This role plays a critical part in ensuring the organisation’s technology environment remains secure, resilient, and aligned with internal security policies, legal and regulatory requirements, and industry best practice.
The Opportunity – Vulnerability Manager
Vulnerability Management & Analysis

  • Lead the end‑to‑end vulnerability management lifecycle, including discovery, scanning, validation, prioritisation, reporting, and remediation tracking.
  • Operate and optimise vulnerability scanning platforms (e.g. Microsoft Defender Vulnerability Management, Edgescan, or equivalent).
  • Conduct regular internal and external vulnerability assessments across infrastructure, applications, and cloud environments.
  • Validate and analyse vulnerability data to ensure findings are accurate, contextualised, and relevant to the organisation’s operational environment.
  • Identify and assess critical vulnerabilities and zero‑day threats, determining when expedited remediation is required.
  • Assess vulnerability severity based on real‑world exploitability, considering threat intelligence, exposure, asset criticality, and compensating controls.
  • Maintain a defensible position on exploitable vs non‑exploitable vulnerabilities, clearly documenting risk decisions and rationale.
  • Assess and articulate business risk based on exploitability, asset value, and threat intelligence.

Remediation Coordination

  • Work closely with internal technical teams and third‑party partners to ensure vulnerabilities are remediated within agreed SLAs and risk tolerances.
  • Develop remediation plans, monitor progress, and escalate high‑risk issues where necessary.
  • Support patch governance activities, ensuring both routine and emergency patching meets security requirements.

Security Governance & Compliance

  • Ensure vulnerability management activities align with internal information security policies, standards, and procedures.
  • Support compliance with relevant regulatory and security frameworks (e.g. GDPR, PCI DSS).
  • Produce regular vulnerability risk reports, dashboards, and KPIs for senior stakeholders.
  • Provide evidence and reporting to support audits, penetration tests, and regulatory reviews.

Threat Intelligence & Continuous Improvement

  • Integrate threat intelligence to prioritise remediation of actively exploited or high‑risk vulnerabilities.
  • Recommend and drive improvements to tools, processes, automation, and reporting to enhance programme maturity.
  • Stay current with emerging vulnerabilities, zero‑day threats, and vendor advisories.
  • Support incident response activities where vulnerabilities are linked to potential security events.

What You’ll Bring

  • Proven experience in vulnerability management, cyber security operations, or a related technical security role.
  • Strong hands‑on experience with vulnerability management tooling (e.g. Microsoft Defender Vulnerability Management, Edgescan, or similar).
  • Solid understanding of cloud platforms (Azure), operating systems (Windows, Linux), networking, and enterprise technologies.
  • Strong knowledge of CVSS scoring, exploit analysis, and risk‑based prioritisation.
  • Experience working in large, complex enterprise environments.
  • Familiarity with regulatory and compliance requirements relevant to vulnerability management.
  • Knowledge of SIEM, SOAR, EDR, and associated security tooling.
  • Strong analytical skills with the ability to translate technical risk into clear, executive‑level reporting.
  • Experience supporting incident response and investigations.
  • Excellent stakeholder management skills, with the confidence to challenge and influence both technical and non‑technical teams.
  • Strong understanding of patch management processes and operational constraints in business‑critical environments.
  • Able to manage multiple competing priorities and make pragmatic, risk‑based decisions.

Qualifications

  • Proven hands‑on experience in vulnerability management or cyber security operations.
  • Demonstrable understanding of security principles, standards, and methodologies.
  • One or more of the following certifications preferred:
    CISM, CISSP, CEH, CompTIA Security+, CompTIA CySA+, GIAC GVMS
