Vulnerability Analyst

Job Title: Vulnerability Analyst

Location: London / Hybrid

Client: Tier 1 Banking Institution

Employer: Leading Global Consultancy

Role Description

This position sits within a critical cyber security function supporting a Tier 1 banking client, where the volume and complexity of security findings demand a disciplined, risk-based approach rather than blind remediation. You will be responsible for triaging and validating security findings across a large-scale enterprise estate, ensuring that effort is focused on genuine risk rather than noise. The role plays a key part in maintaining the organisation’s security posture by driving accountability, enforcing SLA adherence, and ensuring audit readiness at all times. Working across infrastructure, cloud, and application environments, you will engage with multiple engineering teams to ensure vulnerabilities are properly understood, prioritised, and resolved. You will also have access to enterprise-grade tooling and mature security frameworks, giving you exposure to how large financial institutions operate at scale. In reality, this is less about running scans and more about controlling chaos.

Key Responsibilities

• Perform risk-based triage and validation of security findings across the estate
• Identify and manage false positives to improve accuracy and efficiency of remediation efforts
• Track vulnerabilities through to remediation, ensuring clear ownership and accountability
• Enforce SLA governance and ensure adherence across all remediation activities
• Produce and maintain security metrics and performance reporting
• Support audit readiness through accurate documentation and evidence tracking
• Coordinate with infrastructure, cloud, and application teams to drive resolution
• Maintain clear and structured documentation for security operations and governance
• Highlight systemic issues and recurring vulnerabilities to improve long-term posture
• Contribute to continuous improvement of vulnerability management processes

Key Skills, Knowledge and Experience

• Strong experience in vulnerability triage and risk-based assessment
• Proven ability to manage false positives and prioritise genuine threats
• Experience tracking remediation activities across complex environments
• Solid understanding of SLA governance and performance metrics
• Experience supporting audit processes and compliance requirements
• Ability to work across infrastructure, cloud, and application domains
• Strong stakeholder management and coordination skills
• Clear and concise reporting capability for both technical and non-technical audiences
• Understanding of enterprise security operations and governance frameworks
• Analytical mindset with strong attention to detail

Person Specification

• Confident in holding teams accountable for remediation delivery
• Strong communicator who can simplify complex security issues
• Pragmatic and commercially aware approach to risk
• Comfortable operating in high-pressure, enterprise environments
• Detail-focused without becoming process-bound
• Collaborative, but not afraid to challenge when needed

Why This Role

If you enjoy sitting behind a tool running scans all day, this is not for you. This role is about judgement, influence, and driving outcomes in an environment where security noise is constant and prioritisation is everything. You will be at the centre of a major banking security programme, shaping how risk is understood and managed in practice, not just on paper.