£650 per day | Inside IR35 | Remote | London, UK
Summary: The Vulnerability Management Specialist role involves supporting the delivery and enhancement of an organization's vulnerability management capabilities within a large-scale security operation. The position requires effective identification, assessment, prioritization, tracking, and remediation of vulnerabilities across a complex environment. The role is remote with occasional travel and is part of a longer-term program of work. The contract is initially for three months, with a high likelihood of extension.
Salary (Rate): £650 per day
City: London
Country: UK
Working Arrangements: remote
IR35 Status: inside IR35
Seniority Level: undetermined
Industry: IT
Vulnerability Management Specialist - £650 per day - Inside IR35 - Remote with occasional travel - 3 months initial contract on a 1.5 to 2 year programme of work. Extension is highly likely.
My client, one of the UK's largest producers of ZERO CARBON energy, is looking for an experienced Vulnerability Management Specialist to support the delivery and maturity of their organisation-wide vulnerability management capability.
This role sits at the heart of a large-scale security operation and will focus on ensuring vulnerabilities are effectively identified, assessed, prioritised, tracked, and remediated across a complex, multi-team environment.
You will work closely with security, infrastructure, governance, product, service owners, and remediation teams to turn vulnerability findings into clear, risk-based actions and ensure end-to-end traceability through to closure or formal risk acceptance.
Key Responsibilities:
Vulnerability Discovery & Asset Visibility:
- Maintain and manage vulnerability intake sources and tracking logs
- Support the development and upkeep of asset coverage and scope registers
- Identify gaps in scanning coverage (unknown, unowned, or unmanaged assets)
- Support onboarding of new services and assets into vulnerability tooling and processes
Assessment & Prioritisation:
- Triage and risk-prioritise vulnerability findings across the enterprise
- Maintain a structured, risk-ranked vulnerability backlog
- Identify and escalate critical, exploitable, and high-risk vulnerabilities
- Assign ownership to relevant technical and business teams
- Support threat-led vulnerability analysis where applicable
Reporting & Stakeholder Communication:
- Produce regular vulnerability reporting (weekly, monthly, quarterly)
- Build tailored remediation outputs for technical teams
- Prepare executive and governance reporting packs
- Track SLA performance, aged vulnerabilities, and remediation progress
- Ensure clear evidence of reporting distribution and stakeholder engagement
Remediation Management:
- Maintain remediation tracking and follow-up logs
- Drive resolution of overdue vulnerabilities through engagement and escalation
- Coordinate with resolver teams to ensure timely closure of findings
- Support remediation and vulnerability review forums
Exception & Risk Management:
- Manage vulnerability exception and exemption processes
- Maintain risk acceptance documentation and governance records
- Track compensating controls and expiry/renewal dates
- Support preparation of governance approval packs
Verification & Closure:
- Validate remediation via re-scans and supporting evidence
- Maintain accurate closure records suitable for audit
- Ensure vulnerability status updates are current and traceable
- Provide closure summaries for reporting and governance
Governance & Continuous Improvement:
- Support KPI/KRI and SLA reporting dashboards
- Contribute to governance meetings and reporting cycles
- Maintain action logs and continuous improvement backlog
- Support improvements in data quality, ownership, and workflow consistency
Key Skills & Experience:
- Proven experience delivering end-to-end enterprise vulnerability management
- Strong working knowledge of TenableOne
- Experience with AWS Inspector
- Advanced Excel skills for analysis, tracking, and reporting
- Strong stakeholder engagement skills across technical and non-technical audiences
- Experience producing governance reporting, audit evidence, and remediation tracking in large organisations