Greater London, England, United Kingdom
Summary: The Cloud Vulnerability Specialist role involves managing vulnerabilities in a cloud-heavy environment, focusing on real risk and effective remediation rather than just generating reports. The position requires collaboration with Cloud, SOC, and Engineering teams, utilizing tools like Rapid7 CloudSec to enhance security measures. The specialist will also automate processes and track trends to prevent recurring issues. This hands-on contract role emphasizes practical solutions and measurable outcomes in vulnerability management.
Key Responsibilities:
- Running and tuning cloud vulnerability scans across AWS and GCP
- Analysing findings, prioritising based on real risk
- Working directly with engineers to fix vulnerabilities
- Owning Rapid7 CloudSec and improving its daily use
- Identifying and fixing gaps in tooling, process, and outcomes
- Automating repetitive work using Python or PowerShell
- Tracking trends to prevent recurring issues
- Producing clear metrics for leadership action
- Supporting security incidents by identifying vulnerability-driven root causes
Key Skills:
- Solid experience in vulnerability management in cloud environments
- Strong working knowledge of AWS and GCP security fundamentals
- Hands-on experience with Rapid7, Nessus, Qualys, or similar tools
- Risk-based prioritisation skills
Salary (Rate): undetermined
City: Greater London
Country: United Kingdom
Working Arrangements: hybrid
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Role: Cloud Vulnerability Specialist
Location: Reading
Contract: Contract
Working Model: Hybrid (on-site presence required)
Overview
We’re looking for a Cloud Vulnerability Specialist to take ownership of vulnerability management in a large, cloud-heavy environment. This is a hands-on contract role focused on finding real risk, prioritising what actually matters, and driving remediation, not just producing scan reports that go nowhere. You’ll be working closely with Cloud, SOC, and Engineering teams across AWS and GCP, using Rapid7 CloudSec and related tooling to reduce exposure in a measurable way.
What You’ll Actually Be Doing
- Running and tuning cloud vulnerability scans across AWS and GCP
- Analysing findings, cutting through the noise, and prioritising based on real risk
- Working directly with engineers to get vulnerabilities fixed, not ignored
- Owning Rapid7 CloudSec and improving how it’s used day to day
- Identifying gaps in tooling, process, and outcomes and fixing them
- Automating repetitive work using Python or PowerShell where it makes sense
- Tracking trends so the same issues don’t keep coming back
- Producing clear, usable metrics that leadership can actually act on
- Supporting security incidents by identifying vulnerability-driven root causes
What You Need to Be Good At
- Solid experience in vulnerability management in cloud environments
- Strong working knowledge of AWS and GCP security fundamentals
- Hands-on experience with Rapid7, Nessus, Qualys, or similar tools
- Risk-based prioritisation, not CVSS worship