We are seeking a highly skilled Vulnerability Management SME to join our security function and work alongside our established BAU Vulnerability Management Manager. This role is critical in maturing our client's tactical and strategic approach to vulnerability identification, remediation, and governance.
You will bring deep hands-on experience in technical vulnerability management, combined with a strong understanding of the processes, technologies, and cultural drivers needed to embed secure practices across an organisation.
This is a high-impact role suited to someone who can influence technical teams, guide remediation activity, and strengthen organisational resilience.
This role is Inside IR35, predominantly remote, with occasional travel to the client site.
Key Responsibilities
- Act as the Subject Matter Expert for vulnerability management across the organisation.
- Collaborate closely with the senior team to enhance and deliver the end-to-end VM programme.
- Provide expertise in tactical fixes, prioritisation, risk-based remediation, and escalation pathways.
- Support and improve the full VM lifecycle: scanning, triage, assessment, reporting, and remediation.
- Work with infrastructure, cloud, application, and security engineering teams to drive timely resolution of vulnerabilities.
- Identify gaps in technology, process, and capability; propose and implement enhancements.
- Contribute to shaping VM-related policies, standards, playbooks, and operating models.
- Help influence and uplift security culture across technical and non-technical teams.
- Produce meaningful reporting and metrics for technical stakeholders, leadership, and governance forums.
- Ensure all VM activities comply with relevant regulations, frameworks, and internal security requirements.
Skills & Experience
- Current SC Clearance (essential).
- Proven experience as a Vulnerability Management Specialist / SME in a complex enterprise environment.
- Strong understanding of vulnerability scanning technologies (e.g., Tenable, Qualys, Rapid7).
- Practical background in tactical remediation, risk-based prioritisation, and driving fixes across dispersed teams.
- Ability to translate technical vulnerabilities into business-focused risk language.
- Experience improving process maturity, documentation, workflows, and operating models.
- Strong stakeholder management and the ability to influence technical and non-technical audiences.
- Knowledge of secure configuration standards, patch management processes, and common attack vectors.
- Familiarity with DevOps, cloud platforms, and modern infrastructure environments is highly desirable.
About Korn Ferry
Korn Ferry unleashes potential in people, teams, and organizations. We work with our clients to design optimal organization structures, roles, and responsibilities. We help them hire the right people and advise them on how to reward and motivate their workforce while developing professionals as they navigate and advance their careers. To learn more, please visit Korn Ferry at www.Kornferry.com