Vulnerability Manager Jobs (NOW HIRING)

Job Description Vulnerability Manager Hybrid role - Birmingham on site 2-3 days per week 65,000 - 75,000 per annum (DOE) 12Month Fixed Term Contract We have an exciting opportunity for a Vulnerability Manager to join a highperforming Business Change and Technology function on a 12month fixed term salaried contract. Reporting into the Information Security Manager, you will be responsible for managing, maintaining, and continuously improving the vulnerability management programme across a complex enterprise technology estate. This includes the identification, assessment, prioritisation, and remediation tracking of security vulnerabilities across onpremises systems, cloud environments, networks, applications, and endpoint devices.

This role plays a critical part in ensuring the organisation's technology environment remains secure, resilient, and aligned with internal security policies, legal and regulatory requirements, and industry best practice. The Opportunity - Vulnerability Manager Vulnerability Management & Analysis Lead the endtoend vulnerability management lifecycle, including discovery, scanning, validation, prioritisation, reporting, and remediation tracking. Operate and optimise vulnerability scanning platforms (e.g

Microsoft Defender Vulnerability Management, Edgescan, or equivalent). Conduct regular internal and external vulnerability assessments across infrastructure, applications, and cloud environments. Validate and analyse vulnerability data to ensure findings are accurate, contextualised, and relevant to the organisation's operational environment.

Identify and assess critical vulnerabilities and zeroday threats, determining when expedited remediation is required. Assess vulnerability severity based on realworld exploitability, considering threat intelligence, exposure, asset criticality, and compensating controls. Maintain a defensible position on exploitable vs nonexploitable vulnerabilities, clearly documenting risk decisions and rationale.

Assess and articulate business risk based on exploitability, asset value, and threat intelligence. Remediation Coordination Work closely with internal technical teams and thirdparty partners to ensure vulnerabilities are remediated within agreed SLAs and risk tolerances. Develop remediation plans, monitor progress, and escalate highrisk issues where necessary.

Support patch governance activities, ensuring both routine and emergency patching meets security requirements. Security Governance & Compliance Ensure vulnerability management activities align with internal information security policies, standards, and procedures. Support compliance with relevant regulatory and security frameworks (e.g

GDPR, PCI DSS). Produce regular vulnerability risk reports, dashboards, and KPIs for senior stakeholders. Provide evidence and reporting to support audits, penetration tests, and regulatory reviews.

Threat Intelligence & Continuous Improvement Integrate threat intelligence to prioritise remediation of actively exploited or highrisk vulnerabilities. Recommend and drive improvements to tools, processes, automation, and reporting to enhance programme maturity. Stay current with emerging vulnerabilities, zeroday threats, and vendor advisories.

Support incident response activities where vulnerabilities are linked to potential security events. What You'll Bring Proven experience in vulnerability management, cyber security operations, or a related technical security role. Strong handson experience with vulnerability management tooling (e.g

Microsoft Defender Vulnerability Management, Edgescan, or similar). Solid understanding of cloud platforms (Azure), operating systems (Windows, Linux), networking, and enterprise technologies. Strong knowledge of CVSS scoring, exploit analysis, and riskbased prioritisation.

Experience working in large, complex enterprise environments. Familiarity with regulatory and compliance requirements relevant to vulnerability management. Knowledge of SIEM, SOAR, EDR, and associated security tooling.

Strong analytical skills with the ability to translate technical risk into clear, executivelevel reporting. Experience supporting incident response and investigations. Excellent stakeholder management skills, with the confidence to challenge and influence both technical and nontechnical teams.

Strong understanding of patch management processes and operational constraints in businesscritical environments. Able to manage multiple competing priorities and make pragmatic, riskbased decisions. Qualifications Proven handson experience in vulnerability management or cyber security operations.

Demonstrable understanding of security principles, standards, and methodologies. One or more of the following certifications preferred: CISM, CISSP, CEH, CompTIA Security+, CompTIA CySA+, GIAC GVMS