Security Incident & Vulnerability Management Consultant

Experis
Preston, United Kingdom
4 days ago

Role details

Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English

Job location

Preston, United Kingdom

Tech stack

Amazon Web Services (AWS)
Software Vulnerability Management
Information Security Management System

Job description

The Security Incident & Vulnerability Management Consultant operates within the Operational Integrator (OI) function to support the transition to a multi-supplier (SIAM) model within a Defence environment.

The role focuses on understanding, aligning and governing existing high-severity security incident management (S3/S4) and vulnerability management processes across suppliers, ensuring a consistent, risk-based approach in line with client policy and regulatory requirements, supported by appropriate evidence.

The outcome is a coherent, evidence-driven view of security risk, covering both active incidents and underlying vulnerabilities, with processes standardised and ready for BAU handover.

This is a governance and coordination role, not a hands-on SOC, incident response, or vulnerability remediation function.

Key Responsibilities

Governance & Process Alignment

Review and align existing supplier processes for:

  • High-severity incident management (S3/S4)
  • Vulnerability management, across suppliers from existing processes

Ensure processes are:

  • Consistent across suppliers
  • Aligned to client policy and regulatory requirements

Establish and govern:

  • Incident severity classification and escalation thresholds
  • Vulnerability prioritisation approaches (e.g. CVSS, KEV, EPSS)
  • Exception and risk acceptance processes

Supplier Coordination (SIAM Model)

  • Coordinate multiple suppliers to ensure consistent handling of incidents and vulnerabilities
  • Act as the integration point across suppliers, aligning outputs without redesigning underlying processes into a common model
  • Identify and manage gaps in process maturity, coverage, data quality and compliance with standards

Incident Management (S3/S4 Focus)

  • Govern the lifecycle of high-severity incidents, including escalation, coordination, communication and reporting
  • Ensure suppliers:
      • Detect and escalate incidents appropriately
      • Meet defined escalation and communication expectations
      • Maintain structured incident records
  • Define and agree the required level of visibility from SOC outputs, without requiring direct tooling access

Vulnerability Management (SOC-led)

  • Oversee the vulnerability lifecycle from identification through to closure
  • Ensure vulnerabilities are:
      • Prioritised consistently using agreed Client approaches
      • Tracked through remediation or formal risk acceptance
  • Validate, track and monitor:
      • Remediation timelines and SLA adherence
      • Handling of high-risk vulnerabilities, exceptions and waivers
  • Identify risks relating to:
      • Incomplete asset coverage
      • Obsolescent, legacy or non-patchable systems

Evidence & Assurance

  • Define and align evidence requirements for both:
      • Incident management (event, escalation, response, closure)
      • Vulnerability management (identify, track, remediate, validate)
  • Ensure outputs are:
      • Consistent across suppliers
      • Traceable to risks and controls
      • Audit ready
  • Provide assurance that both domains align with ISMS and control requirements

Reporting & Transition Support

  • Support domain-specific reporting for:
      • Major incidents (S3/S4)
      • Vulnerability risk and remediation status
  • Support governance forums with clear, evidence-based reporting
  • Establish a transition baseline that enables a clean handover of processes to BAU without redesign

Requirements

SC must have been actively used within the last 12 months and must have 3 months left on the clearance

Essential

  • Experience in security incident management, vulnerability management, or cyber governance roles
  • Strong understanding of:
      • Incident management lifecycle (detect, respond, recover)
      • Vulnerability lifecycle (identify, prioritise, remediate, validate)
  • Experience working in multi-supplier or SIAM environments
  • Ability to interpret outputs from SOC and vulnerability tooling without direct ownership

Desirable

  • Familiarity with NIST CSF, NCSC or UK Government security guidance
  • Experience in Defence sector or highly regulated environments
  • Exposure to audit, assurance or ISMS processes
  • ITIL alignment

Key Deliverables

  • Standardised and aligned incident and vulnerability management processes
  • Consistent supplier reporting and lifecycle governance
  • Evidence models supporting audit and assurance
  • Established transition baseline for BAU handover
