Overview

Vulnerability Engineer — London, 2 days a week on site. £90K + great benefits. An impressive global media company is looking to hire a Vulnerability Engineer to take ownership of vulnerability remediation across a cloud and on-prem environment. This business is going through a big technology transformation programme that is estimated to take 3 - 5 years. The successful Vulnerability Engineer will drive and automate the vulnerability management programme across this business. This is a great opportunity for a passionate Vulnerability Engineer to build out a remediation programme and collaborate with a variety of stakeholders at all levels of this international superbrand.

Duties and Responsibilities

• Develop, implement, and maintain an automated and scalable vulnerability management program using Tenable and related tools.
• Create and enforce vulnerability management policies, scan configurations, and best practices, aligned to frameworks such as NIST or ISO 27001.
• Integrate vulnerability scanning and remediation into CI/CD pipelines and development workflows to ensure security at speed; this business is in a transformative stage!
• Automate data collection, triage, reporting, and ticketing processes using scripting languages such as Python, Bash, PowerShell, or Go.
• Collaborate with IT, DevOps, and engineering teams to remediate identified vulnerabilities quickly and effectively.
• Scope and coordinate penetration testing activities; track remediation and risk acceptance outcomes.
• Monitor, measure, and report on vulnerability management performance, including KPIs, SLAs, and risk metrics.

Your Background

• A technical degree in Information Systems or similar
• Extensive experience with Vulnerability Management across both cloud and On-Prem environments
• Hands-on experience with Tenable and integration of VM tooling into CI/CD pipelines
• Strong scripting skills using languages such as Python, Bash, PowerShell, or Go.
• Familiarity with APIs, automation workflows, and integrating with platforms like Jira, ServiceNow, or Slack.
• Ability to scope penetration tests and manage findings through to remediation.
• Strong understanding of security frameworks and standards such as ISO 27001, NIST, and CIS.
• Excellent communication, presentation, and influencing skills, with the ability to explain complex technical issues to non-technical stakeholders.

We invite individuals from underrepresented groups to apply for any of our roles and are committed to supporting accessibility needs