Cybersecurity Vulnerability Lead

Cybersecurity Vulnerability Lead - £700 per day - Inside IR35 - Remote - 6 Months initial contract.

Our client, the UK's leading producer of Zero Carbon energy, is looking for a Cybersecurity Vulnerability Lead to join them on a contract basis.

This is a senior role with responsibility for the organisation’s vulnerability management programme across multiple business units, technologies, and regulatory environments.

The organisation has made significant investment in Tenable as its core vulnerability management platform. You’ll be expected to lead its strategic and day-to-day usage, ensuring vulnerabilities are accurately identified, prioritised, and remediated while driving continuous improvement in how the platform is integrated and utilised.

Candidates with strong Tenable expertise, particularly those who have embedded it at scale in large or regulated environments such as financial services, will be especially attractive for this role.

Security Clearance -

Due to the sensitive nature of the work, candidates must be eligible for SC clearance.

  • Candidates with active or recently lapsed SC clearance will be prioritised.

  • Applicants without clearance must be willing and eligible to undergo vetting.

The Role -

As Cybersecurity Vulnerability Lead, you will:

  • Own the end-to-end vulnerability management programme, with Tenable One at the core.
  • Define and deliver the strategy, policies, SLAs, and operating rhythm.
  • Lead on risk-based prioritisation using exploit intelligence, asset criticality, and business impact.
  • Translate scan data into clear, actionable remediation plans for technical teams.
  • Build dashboards and executive reports (ServiceNow, Power BI).
  • Provide rapid risk assessments and emergency patch governance during incidents.
  • Support audits and regulatory compliance (ISO 27001, CE+, GDPR, NIS2, ONR).
  • Drive automation, integrating tools and workflows to improve efficiency.
  • Act as subject matter expert for Tenable and related tooling, ensuring platforms are fully leveraged.
  • Mentor analysts and security champions, building maturity across the team.

 

About You - 

You will bring experience leading vulnerability management at enterprise scale, ideally in financial services or similarly regulated industries.

You should also have hands-on knowledge of the following:

Core Vulnerability Management -

  • Tenable One (Exposure Management, Attack Surface Management, Attack Paths, Identity)

  • AWS Inspector

  • Agent-based and network-based scanning

  • Cloud integrations (AWS, Azure, GCP)

  • Dashboards and risk-based prioritisation

Patch & Endpoint Management -

  • Microsoft Intune / SCCM / WSUS

  • Jamf

Workflow & ITSM Integration - 

  • ServiceNow (dashboards, SOAR)

  • Jira

Cloud & Application Security -

  • AWS Security Hub

  • Azure Defender for Cloud

  • Veracode

Threat Intelligence & Exploit Context -

  • Tenable Threat Intelligence

  • Exploit DB

  • Metasploit

SIEM, SOAR & Monitoring - 

  • Microsoft Sentinel

  • SOAR platforms (ServiceNow SOAR)

Automation & Scripting - 

  • Python, PowerShell, Bash, Ansible

Reporting & Metrics -

  • Power BI

  • ServiceNow dashboards

  • Excel (advanced analysis)

Frameworks & Standards -

  • NIST CSF, ISO 27001, OWASP, CE / CE+, GDPR, NIS2, ONR

Security Domains / Capabilities -

  • Identity and Access Management (IAM)

  • Network Security

  • Data Protection

  • Cloud Security Controls

  • Application Security

  • Security Monitoring

Processes & Practices -

  • Vulnerability Management Programmes

  • Incident Response and Threat Assessment

  • Emergency Patch Governance

  • Risk-based Prioritisation (CVEs, exploit intelligence, asset criticality, business impact)

  • Audit Support (internal assurance, penetration test follow-ups, external audits)

  • Exception and exemption management

  • Automation of manual tasks

  • Dashboarding for risk and SLA metrics

What's on Offer -

  • A leadership role with significant influence across a major UK organisation.
  • Opportunity to work with a forward-thinking Cyber Services function pushing boundaries in vulnerability management.
Company
Morson Talent
Location
London, Finsbury Square, United Kingdom
Hybrid / WFH Options
Employment Type
Contract
Salary
£700/day
Posted