Xcede Greater London, England, United Kingdom
Lead Vulnerability Management Engineer
A leading financial technology and data science firm requires a Lead Vulnerability Management Engineer who will be responsible for delivering a "greenfield" global vulnerability management programme. The role entails delivering the technical aspects of vulnerability management; identification and prioritisation, as well as the non-technical side involving communication and coordination with cross-functional teams to ensure timely patching and remediation, compliance and reporting. The role includes evaluating vulnerabilities for exploitability, aligning patching schedules, and overseeing and ensuring the integrity of pre- and post-patch checks across the corporate technology environment as well as the application development functions. Whilst this is currently an individual contributor role, it will quickly expand into a leadership position, so it would suit a hands-on VM Engineer looking for a step toward management. The position reports directly to the Head of Security. Please note: the role requires at least 3 days in the office. Responsibilities
5 -10 years of experience in vulnerability management or a similar security role in globally distributed financial (or complex) technology environment Strong technical knowledge with hands-on experience using vulnerability scanning/assessment tools - Tenable and AWS Inspector are desirable Familiarity with on-premise and cloud environments (AWS, Azure) and hybrid setups. Ability to communicate effectively with both technical and non-technical stakeholders. Experience in coordinating patch management processes across a large organisation and time zones, ensuring minimal business disruption Ability to evaluate vulnerabilities based on risk and exploitability, guiding patching priorities Strong organisational skills to manage patch schedules, stakeholder coordination, and compliance requirements Certifications such as CISSP, CISM, or relevant security qualifications Familiarity with regulatory requirements and security standards (e.g., ISO 27001, NIST) Seniority level
Mid-Senior level Employment type
Full-time Job function
Information Technology Industries
Investment Management, Investment Banking, and Financial Services
#J-18808-Ljbffr
A leading financial technology and data science firm requires a Lead Vulnerability Management Engineer who will be responsible for delivering a "greenfield" global vulnerability management programme. The role entails delivering the technical aspects of vulnerability management; identification and prioritisation, as well as the non-technical side involving communication and coordination with cross-functional teams to ensure timely patching and remediation, compliance and reporting. The role includes evaluating vulnerabilities for exploitability, aligning patching schedules, and overseeing and ensuring the integrity of pre- and post-patch checks across the corporate technology environment as well as the application development functions. Whilst this is currently an individual contributor role, it will quickly expand into a leadership position, so it would suit a hands-on VM Engineer looking for a step toward management. The position reports directly to the Head of Security. Please note: the role requires at least 3 days in the office. Responsibilities
5 -10 years of experience in vulnerability management or a similar security role in globally distributed financial (or complex) technology environment Strong technical knowledge with hands-on experience using vulnerability scanning/assessment tools - Tenable and AWS Inspector are desirable Familiarity with on-premise and cloud environments (AWS, Azure) and hybrid setups. Ability to communicate effectively with both technical and non-technical stakeholders. Experience in coordinating patch management processes across a large organisation and time zones, ensuring minimal business disruption Ability to evaluate vulnerabilities based on risk and exploitability, guiding patching priorities Strong organisational skills to manage patch schedules, stakeholder coordination, and compliance requirements Certifications such as CISSP, CISM, or relevant security qualifications Familiarity with regulatory requirements and security standards (e.g., ISO 27001, NIST) Seniority level
Mid-Senior level Employment type
Full-time Job function
Information Technology Industries
Investment Management, Investment Banking, and Financial Services
#J-18808-Ljbffr
