We’re looking for a skilled Vulnerability Management Engineer to play a key role in strengthening vulnerability management across IT and OT environments. You’ll be responsible for operationalising risk-based vulnerability processes, improving visibility of exposure across sites, and embedding automated, standards-aligned reporting into day-to-day operations. This is a hands-on role that works closely with site teams, security stakeholders, and operations to reduce risk in complex, distributed environments.

‍

• Operationalise vulnerability management using a risk-based prioritisation approach. Develop and maintain OT site DMZ vulnerability dashboards aligned with NIST frameworks.
• Identify sites operating flat network architectures and assess associated risks.
• Conduct site engagement activities, including on-site visits where required, to validate network and vulnerability findings.
• Enhance operational metrics, reporting, and overall risk visibility across IT and OT estates.
• Automate vulnerability management processes and integrate outputs with orchestration tools and SIEM platforms.

‍

Your Approach

• Assess existing vulnerability management processes and identify gaps in coverage, prioritisation, and reporting.
• Apply risk context to vulnerability data to support meaningful remediation decisions.
• Design and deliver dashboards that provide clear, actionable insight for operational and security stakeholders.
• Work with site and central teams to improve network segmentation and reduce exposure caused by flat networks.
• Drive automation initiatives to streamline vulnerability detection, reporting, and response workflows.
• Maintain accurate documentation of vulnerability processes, metrics, and improvement actions.

• Proven experience in vulnerability management, cyber security engineering, or related disciplines.
• Strong understanding of vulnerability scanning, risk-based prioritisation, and remediation workflows.
• Knowledge of IT and OT environments, including DMZ architectures and segmentation principles.
• Familiarity with security frameworks such as NIST and their application in operational environments.
• Experience integrating vulnerability tools with SIEM and orchestration platforms.
• Strong communication skills, with the ability to translate technical risk into operational insight.
• Willingness to engage with sites directly, including on-site assessments where required.
• Experience in OT environments is highly advantageous, though not essential.