Senior Threat & Vulnerability Management Leader
This is a key role responsible for the identification, analysis, and remediation support of security vulnerabilities across our global technology estate. You’ll work cross-functionally with infrastructure, application, and DevSecOps teams to strengthen our security posture and ensure compliance with internal policies and external standards.
Key Responsibilities
* Lead the vulnerability management lifecycle, including identification, assessment, prioritisation, and coordination of remediation efforts.
* Analyse scan results from vulnerability tools (e.g., Qualys, Tenable, Rapid7) and provide actionable insights.
* Work closely with IT operations, development, and business teams to validate, track, and remediate vulnerabilities in line with SLA targets.
* Experience presenting to C-Level members of the business on the progress of vulnerability management programme.
* Liaise with other business units within the business to drive accountability and maturity.
* Be a thought leader in Vulnerability Management and capable of challenging the status quo to drive long-term strategic improvements.
* Experience building dashboards to present timely information and results to wider parts of the business.
* Participate in threat modelling exercises to help contextualise vulnerabilities based on business impact and likelihood of exploitation.
* Contribute to security reporting and dashboards for both technical and executive audiences.
* Ensure continuous improvement of TVM processes, procedures, and playbooks.
* Stay current with emerging threats, zero-days, and vulnerabilities (e.g., via CVE databases, NVD, threat intel feeds).
* Support audit, risk, and compliance initiatives including ISO 27001, NIST CSF, and GDPR-related assessments.
* Mentor junior team members and act as a subject matter expert within the TVM domain.
Key Requirements
* 10+ years’ experience in Cybersecurity or IT Security, with at least 2 years focused on vulnerability management.
* Deep understanding of vulnerability assessment tools and techniques.
* Proficiency in interpreting CVSS scores, MITRE ATT&CK framework, and threat intelligence sources.
* Familiarity with infrastructure (Windows/Linux), networking, cloud platforms (AWS, Azure, GCP), and common web/app vulnerabilities (e.g., OWASP Top 10).
* Strong analytical, troubleshooting, and problem-solving skills.
* Ability to effectively communicate technical risks to non-technical stakeholders.
* Experience with scripting languages (e.g., Python, PowerShell) for automation and data processing.
Desirable
* Relevant certifications such as CISSP, GIAC GCIH/GVPM, OSCP, or CompTIA Security+.
* Knowledge of container and CI/CD pipeline security.
* Experience in regulated industries (finance, healthcare, etc.).
* Exposure to ticketing systems and CMDBs (e.g., ServiceNow).
Benefits/Perks
* Time off - 25 days leave + public holidays
* Birthday leave per year
* Company Pension Scheme (employer contribution 5%) + flexible salary sacrifice
* Employee Assistance Programme (EAP) - access to dedicated mental health, emotional wellbeing and general advice
* EkcOlympics - a global activity for fun!
* Learning & development - Unlimited access to Pluralsight learning platform
* Opportunities to grow responsibilities and progress (including international roles)
Why Ekco
* Microsoft’s 2023 Rising Star Security Partner of the Year
* VMware & Veeam top partner status
* Ranked as 4th fastest growing technology company in the Deloitte Fast50 Awards
* Committed to diversity, equality, inclusion and belonging
* Internal mobility and opportunities for internal development & progression
* Flexible working with a family-friendly focus
#J-18808-Ljbffr