14 of 14 Vulnerability Management Jobs in the Thames Valley

As a Senior Security Penetration Tester , you will be responsible for supporting the design, implementation, and maintenance of TVM (Threat & Vulnerability Management) solutions, controls and processes across the organisation. You will be liaising with Digital teams to ensure appropriate mitigation and remediation of vulnerabilities detected across our IT estate. This role requires an understanding of TVM concepts, technologies … Tester Help support and develop an internal penetration testing function. Conduct network, application penetration testing, code and security reviews. Identify and exploit vulnerabilities through proof-of-concept testing. Support vulnerability management across the enterprise, ensuring that a framework for identification, categorisation and mitigation exists and is implemented and maintained. Responsible for supporting the creation of the operating model … for vulnerability management, that it is shared, agreed and operates effectively across the business. Develop and maintain penetration testing documentation, policies, and procedures. Integrate cybersecurity solutions (e.g. vulnerability scanning tools) with existing systems, applications, and infrastructure. Evaluate and recommend technologies, tools, and vendors to meet business needs. Investigate newly identified cybersecurity vulnerabilities and provide appropriate mitigation actions. More ❯

s ready to move into a Head of role, take ownership, and shape strategy while staying close to the tech. What you'll be doing: Owning implementation, consolidation, and vulnerability management across the group Leading a team (3 direct reports by year-end) — mentoring, developing, and embedding best practice Overseeing infrastructure, EUC, platform, cloud, and building security Partnering … with stakeholders across multiple business units to understand systems and improve visibility Driving improvements in security tooling, processes, and response Vulnerability management tools (e.g. Rapid7, Microsoft Defender suite) Core enterprise security toolsets Networking, cloud infrastructure, and EUC environments You'll have: Experience as a team lead or manager (formal or informal) with direct reports or leadership responsibility Strong … grounding in infrastructure and security — ideally having moved from networking/cloud into security Hands-on experience with vulnerability management tools and security platforms Why join? Progression: Step into a Head of role with mentoring from an experienced Group Infrastructure Director Influence: Work at a group level across multiple industries More ❯

proposing effective controls, and ensuring adherence to security policies. Drive the selection and integration of security technologies and services within cloud ecosystems (AWS, Azure, GCP preferred). Risk & Compliance Management: Lead threat modeling, risk assessments, and security posture management across cloud environments. Ensure architectural designs meet stringent regulatory compliance requirements relevant to the financial industry in Europe (e.g. … security, including understanding of common threats, European regulatory requirements (e.g., PSD2, DORA, EBA guidelines), and data privacy mandates (GDPR). Extensive knowledge of security architecture principles for: Identity & Access Management (IAM) in cloud (e.g., AWS IAM, Azure AD, GCP IAM). Network Security (VPCs, firewalls, WAFs, micro-segmentation, private connectivity). Data Security (encryption at rest/in transit … KMS, data classification, DLP). Application Security (secure coding, API security, SAST/DAST, WAF integration). Container Security (Kubernetes, Docker, service mesh). Security Information and Event Management (SIEM) and logging strategies. Zero Trust Architecture principles. Proven experience with DevSecOps methodologies and securing CI/CD pipelines. Strong understanding of security frameworks such as NIST CSF, ISO More ❯

by Three and its partners, ensuring that effective governance and technical assurance can be performed. Maintain and improve the use of artefact templates. Ensure that there is effective capacity management and planning in place for the security services and solutions assigned to you and ensure that the solution is incorporated into the 18-month technical and budget roadmap for … capacity expansion and service improvement. Support the Programme and Project Manager in project planning, risk and issue management and the budgeting process. Our people make us who we are. We're a diverse and inclusive bunch, and it's important you can feel you belong here. We value everybody for who they are and what they bring to the … exploit these vulnerabilities Experience in one or more of the following technical domains: Cloud/Hybrid security, Infrastructure and data centre security, Network security, Application security, Identity and access management, Vulnerability Management Expertise in defining and then governing the delivery of security contractual/business outcomes and know how to influence/negotiate technical outcomes with 3rd More ❯

a leadership role within Defra's operational IT function, Group Infrastructure and Operations (GIO). The role requires demonstration of deep and wide-ranging IT leadership skills in service management and strategic direction setting of the Service Operations functions. The Head of Service Operations is responsible for the effectiveness of operational IT services and user support to ensure optimum … strategy, to remain effective whilst supporting modern service delivery approaches, including Agile and DevOps. As such the role requires the ability to function seamlessly between strategic thinking and operational management of live services. The role's level of operational responsibility is high and includes leading through major disruption at times of major incidents including cyber security ones. As a … be required to develop strong relationships with Defra group's delivery bodies and Arms Length Bodies (ALBs) in order to deliver core IT services as part of the Service Management Operating Model. Key Responsibilities Primary responsibility is to ensure service availability is maintained at required levels, and in doing so own the responsibilities of: Sets the vision, and strategy More ❯

everything we dofrom infrastructure to application design. Key Responsibilities Design and implement security controls across cloud platforms (AWS, Azure, or GCP) Develop and maintain security tooling for threat detection, vulnerability management, and incident response Lead threat modelling and risk assessments for critical systems and services Collaborate with engineering teams to integrate security best practices into CI/CD … and documentation What Were Looking For Proven experience as a security engineer with a strong background in cloud security (AWS, Azure, or GCP) Solid understanding of networking, identity & access management, and encryption technologies Hands-on experience with tools like Terraform, Kubernetes, SIEM platforms, and security scanners Familiarity with DevSecOps practices and modern CI/CD pipelines Strong scripting or More ❯

templates, and standards. Assist in the development and localisation of standard test scripts, ensuring they are tailored to specific control environments and aligned with the organisation's Enterprise Risk Management Framework. Conduct control testing activities to evaluate the design and operational effectiveness of assigned controls, documenting results clearly and raising issues where appropriate Ensure timely delivery of assigned control … in this role, the essential criteria you'll need are: Proven experience in performing control assessments, including evaluating design and operational effectiveness. Strong understanding of information security principles, risk management, and control frameworks. Experience in IT, OT and Cloud environments. Clear and professional verbal and written communication, including the ability to explain technical issues to non-technical audiences. Ability … minimal supervision, taking ownership of assigned tasks and driving them to completion while maintaining high standards of quality and accuracy. Strong understanding of Cyber Security Domains including Threat Intelligence, Vulnerability Management, Security Testing, Security Architecture, Infrastructure Protection, Application Security, Identity and Access Management, Incident Investigation & Response and Cryptography. Additional skills and experiences would be great to have More ❯

risk. Ensure we are deploying solutions into a secure environment . Ensure we build solutions in alignment with our control requirements. Support on-going business-as-usual and champion vulnerability management. Provide internal security consultancy and lead on audit engagements, risk activities and project initiatives. Work closely with colleagues to ensure effective technology risk management. Work together . Collaborate More ❯

CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯

CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯

considered throughout the product and software development lifecycle Provide security best practice, build security design patterns, complete security architecture reviews Support on-going BAU software development processes and champion vulnerability management Provide internal security consultancy and lead on audit engagements, risk activities Skills & Experience Understanding of securing micro-service architectures Working knowledge of modern secure SDLC practices - embedding More ❯

within regulated sectors such as Defence, Aerospace, or Industrial Engineering. Strong understanding of enterprise security frameworks, secure system design, and risk management. Experience with cloud security, identity and access management, and secure integration patterns. Familiarity with cybersecurity tools and platforms including SIEM, endpoint protection, IAM, and vulnerability management. Excellent communication and stakeholder engagement skills. UK citizenship and eligibility More ❯

building out something exciting, with a fantastic long term career path, then this is the role for you! Within this role you will: Lead and evolve the cybersecurity risk management framework, ensuring effective identification, assessment, and remediation of risks. Conduct detailed risk and control assessments across business units, projects, vendors, and IT systems, aligning with standards like ISO … NIST CSF, and CIS Controls. Manage and enhance Third-Party Risk Management, including cybersecurity assessments of external partners and suppliers. Collaborate with stakeholders to develop and track cyber risk treatment plans, implement corrective actions, and report on key risk indicators and control effectiveness. Drive continuous improvement of cybersecurity policies and practices, while fostering strong relationships to embed a risk … and PCI. Strong technical and analytical skills, with the ability to assess risks, identify gaps, and propose mitigation strategies across IT systems and third parties. Excellent communication and stakeholder management, including experience presenting risk insights to senior leadership and working across technical and business teams. Proven experience in cybersecurity disciplines, ideally 5-7 years in roles covering risk management More ❯

building out something exciting, with a fantastic long term career path, then this is the role for you! Within this role you will: Lead and evolve the cybersecurity risk management framework, ensuring effective identification, assessment, and remediation of risks. Conduct detailed risk and control assessments across business units, projects, vendors, and IT systems, aligning with standards like ISO … NIST CSF, and CIS Controls. Manage and enhance Third-Party Risk Management, including cybersecurity assessments of external partners and suppliers. Collaborate with stakeholders to develop and track cyber risk treatment plans, implement corrective actions, and report on key risk indicators and control effectiveness. Drive continuous improvement of cybersecurity policies and practices, while fostering strong relationships to embed a risk … and PCI. Strong technical and analytical skills, with the ability to assess risks, identify gaps, and propose mitigation strategies across IT systems and third parties. Excellent communication and stakeholder management, including experience presenting risk insights to senior leadership and working across technical and business teams. Proven experience in cybersecurity disciplines, ideally 5-7 years in roles covering risk management More ❯