Threat and Vulnerability Management Consultant

Posted 2 days ago by Barclay Simpson Recruitment

Negotiable
Outside
Hybrid
Hybrid-WFH/London 2 days a week, UK

Summary: Threat and Vulnerability Management Consultant needed for a regulatory body, focusing on enhancing vulnerability management processes through AI-driven capabilities and best practices. The role involves assessing current tooling and reporting capabilities, identifying automation opportunities, and improving threat exposure visibility. The successful candidate will engage with various teams to modernize VM processes and produce clear reporting for stakeholders. This position is hybrid, requiring two days a week in London.

Key Responsibilities:

  • Review and assess current Vulnerability Management processes, tooling, and telemetry across enterprise environments
  • Engage with Security Operations teams and Product Groups to identify process improvements and automation opportunities
  • Evaluate and enhance existing tooling including Qualys, Microsoft Defender, CrowdStrike, and cloud-native security capabilities
  • Support the testing, implementation, and optimisation of AI capabilities within the VM lifecycle
  • Improve threat exposure visibility, KEV intelligence integration, and continuous assurance reporting
  • Produce clear reporting and recommendations for both technical teams and executive stakeholders
  • Contribute to the development of scalable, proactive VM capabilities aligned to evolving threat landscapes and offensive AI trends

Key Skills:

  • Proven experience as a Threat Exposure or Vulnerability Management Analyst/SME
  • Strong technical understanding of end-to-end Vulnerability Management processes
  • Hands-on experience across Azure and AWS cloud environments
  • Experience with VM and security tooling such as Qualys, Microsoft Defender, CrowdStrike, and cloud-native platforms
  • Broad understanding of AI technologies and their application within cybersecurity and VM processes
  • Ability to work autonomously and proactively drive initiatives forward
  • Strong stakeholder engagement and communication skills, with experience presenting findings to both technical and senior audiences

Salary (Rate): undetermined

City: London

Country: UK

Working Arrangements: hybrid

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Threat and Vulnerability Management Consultant required for a regulator. This role will focus on assessing current VM tooling, telemetry, and reporting capabilities, while identifying opportunities to enhance automation, exposure visibility, KEV intelligence integration, and executive-level assurance reporting. The successful candidate will play a key role in modernising VM processes through the adoption of AI-driven capabilities and best-practice security operations.

Required Skills & Experience

  • Proven experience as a Threat Exposure or Vulnerability Management Analyst/SME
  • Strong technical understanding of end-to-end Vulnerability Management processes
  • Hands-on experience across Azure and AWS cloud environments
  • Experience with VM and security tooling such as Qualys, Microsoft Defender, CrowdStrike, and cloud-native platforms
  • Broad understanding of AI technologies and their application within cybersecurity and VM processes
  • Ability to work autonomously and proactively drive initiatives forward
  • Strong stakeholder engagement and communication skills, with experience presenting findings to both technical and senior audiences

Desirable Experience

  • Experience implementing automation within security operations or VM programmes
  • Knowledge of KEV intelligence and threat prioritisation frameworks
  • Exposure to continuous assurance or executive cyber reporting initiatives