Vulnerability Manager

About the role

You will act as the central coordination and risk authority for vulnerability activity, partnering closely with engineering and platform teams that own remediation delivery. The role requires a strong technical foundation and the ability to build, lead, and develop a high‑performing vulnerability management team.

Key responsibilities

• Own and continuously improve the end‑to‑end vulnerability management lifecycle across legacy, cloud, containerised, and third‑party environments.
• Operate and coordinate the Security Penetration Testing Framework, ensuring a consistent, risk‑led approach to scope, frequency, execution, retesting and closure.
• Triage, prioritise and track vulnerabilities and pen‑test findings, providing clear ownership, progress visibility and timely escalation of unmanaged risk.
• Govern risk acceptance, compensating controls and audit evidence.
• Produce reporting on risk posture, trends, coverage and performance for senior stakeholders and governance forums.
• Drive improvements in tooling, data quality, asset coverage and testing scope in collaboration with suppliers and internal teams.
• Establish and grow a sustainable vulnerability management team (hiring, onboarding, performance, coaching).

Required profile

• Strong experience coordinating vulnerability management and security penetration testing in complex enterprise environments.
• Demonstrable technical background in application, infrastructure and cloud security, as well as vulnerability assessment and remediation validation.
• Proven ability to hire, lead and develop a high‑performing vulnerability management team.
• Solid understanding of penetration testing methodologies and assurance expectations across applications, infrastructure, cloud and externally exposed services.
• Ability to apply risk‑based judgement beyond severity scoring, considering exploitability, exposure and business context.
• Experience governing penetration testing processes, including scope definition, prioritisation, retesting and remediation assurance.
• Confident stakeholder management with the skill to translate technical findings into clear business risk narratives.
• High standards for reporting, documentation and audit readiness.

Required skills

• Vulnerability management
• Penetration testing
• Application security
• Infrastructure security
• Cloud security
• Vulnerability assessment
• Remediation validation
• Risk‑based judgement
• Audit readiness

What we offer

• Flexible working arrangements
• Competitive perks and benefits
• Opportunities for continuous learning and career growth