A leading financial technology and data science firm requires a Lead Vulnerability Management Engineer who will be responsible for delivering a "greenfield" global vulnerability management programme.
The role entails delivering the technical aspects of vulnerability management (identification and prioritisation) as well as the non-technical side, involving communication and coordination with cross-functional teams to ensure timely patching and remediation, compliance and reporting. The role includes evaluating vulnerabilities for exploitability, aligning patching schedules, and overseeing and ensuring the integrity of pre- and post-patch checks across the corporate technology environment as well as the application development functions.
Whilst this is currently an individual contributor role, it will quickly expand into a leadership position, so it would suit a hands-on VM Engineer looking for a step toward management.
The position reports directly to the Head of Security. Please note: the role requires at least 3 days in the office.
Your present skillset
- 5-10 years of experience in vulnerability management or a similar security role in a globally distributed financial (or complex) technology environment
- Strong technical knowledge with hands-on experience using vulnerability scanning/assessment tools - Tenable and AWS Inspector are desirable
- Familiarity with on-premise and cloud environments (AWS, Azure) and hybrid setups.
- Ability to communicate effectively with both technical and non-technical stakeholders.
- Experience in coordinating patch management processes across a large organisation and time zones, ensuring minimal business disruption
- Ability to evaluate vulnerabilities based on risk and exploitability, guiding patching priorities
- Strong organisational skills to manage patch schedules, stakeholder coordination, and compliance requirements
Desirable:
- Certifications such as CISSP, CISM, or relevant security qualifications
- Familiarity with regulatory requirements and security standards (e.g., ISO 27001, NIST)