Threat and Exposure Management SME

Threat & Exposure Management Consultant

Start: ASAP
Duration: 6-12 months
Location: London (2-3 days per week)
Pay: negotiable DoE, INSIDE IR35

The Role
We are seeking an experienced Threat & Vulnerability Management Specialist to lead the end-to-end process of identifying, assessing, and remediating security vulnerabilities across IT and cloud platforms. This role acts as a critical link between security operations and business stakeholders, ensuring the organisation remains resilient against evolving cyber threats.

Key Responsibilities
- Lead the vulnerability management life cycle: assessment, risk analysis, prioritisation, and remediation tracking
- Monitor the threat landscape and provide timely intelligence to reduce risk exposure
- Support incident response efforts through threat attribution, malware analysis, and defensive recommendations
- Conduct proactive threat hunting and investigation using known TTPs
- Utilise tools such as CrowdStrike Falcon for detection, endpoint protection, and exposure management
- Communicate threat insights and remediation plans to both technical and non-technical stakeholders
- Maintain relevant documentation, risk metrics, and support the development of threat processes

Essential Skills & Experience
- Strong technical background with Scripting ability (eg Python)
- Proven threat hunting experience and malware analysis skills
- Good understanding of OWASP Top 10, DevSecOps threats, and cloud architectures (Azure, AWS)
- Experience with vulnerability management, incident response, and security operations tools (eg ServiceNow, Remedy)
- Familiarity with operating systems (Windows, Linux, Unix), databases (SQL, Oracle, Mongo), and cloud-based security controls
- Strong communication skills, both written and verbal
- Proficient in producing documentation, dashboards, and reporting
- Hands-on experience with CrowdStrike Falcon and associated modules

Desirable
- 3-5+ years in threat or vulnerability management, DevSecOps, or penetration testing
- Experience in agile environments and cross-functional teams
- Knowledge of cloud security best practices
- Industry certifications such as OSCP, CRTO, GPEN, AWS/Azure Security Certifications