Senior Vulnerability Management Engineer

Senior – Threat & Vulnerability Management

External threats, vulnerability & patch management, penetration testing, threat intelligence etc.

Key Responsibilities

Threat Intelligence:

• Monitor and challenge the effectiveness of the threat intelligence activities performed by the 1st line (e.g., Security Operations Center), ensuring intelligence gathering, analysis, and dissemination processes are adequate. Conduct independent, thematic analyses on threat trends and emerging risks to identify potential blind spots or systemic vulnerabilities.

Vulnerability Management:

• Oversee the 1st line’s vulnerability management processes by regularly reviewing scan results, remediation timelines, and risk assessments. Challenge delays, exceptions, or inadequate remediation efforts. Evaluate the adequacy of the 1st line’s control environment for patching, configuration management, and vulnerability remediation. Make recommendations for improvement and track progress on remediation actions.

Penetration Testing:

• Plan and perform independent 2nd line-led or commission externally sourced penetration tests or deep dives into critical controls, business processes, or technology assets. Validate the thoroughness of 1st line testing by performing targeted assurance testing, focusing on areas of heightened risk, high-impact change, or previous findings.

Cyber Risk Oversight:

• Independently assess effectiveness of 1st line controls related to cyber and technology risks, challenge business and IT functions on their cyber risk decisions.

Incident Response Support:

• Review incident response plans, test scenarios, and help refine procedures based on emerging threats and best practice guidance.

Policy & Compliance:

• Contribute to development and review of cyber risk policies, standards and frameworks, ensure alignment with regulatory expectations (e.g., FCA, GDPR).

Reporting:

• Prepare clear, actionable reports and dashboards for management and board level risk committees.

Requirements

• Advanced degree in Cybersecurity, Information Security, Computer Science, or related field (or equivalent experience).
• +10 years’ experience in cybersecurity, preferably in a regulated financial services or fintech environment.
• Strong understanding of external threats, vulnerability/patch management, and penetration testing methodologies.
• Familiarity with frameworks such as NIST, ISO 27001, MITRE ATT&CK, CIS, etc.
• Knowledge of current cyber threat landscape and trends.
• Excellent analytical, communication, and stakeholder management skills.
• Certifications such as CISSP, CISM, CEH, OSCP, GIAC or similar (preferred).