Threat & Vulnerability Engineer - 12 Months - London

Role Overview

We are looking for a Threat and Vulnerability Management Engineer to join on a 12-month office-based contract in London. The role sits within the TVM function across a large EMEA banking environment, integrating secure practices into the development lifecycle, and serving as a central point of coordination for vulnerability-related activities across the organisation.

Key Responsibilities

• Support the design, development, and management of the TVM strategy and roadmap, contributing to KRI, KPI, and MI reporting for senior management
• Deliver routine and out-of-band security patch deployments, automating patch processes, and triaging vulnerabilities into Fix, Acknowledge, and Investigate categories
• Manage and report on vulnerabilities using ServiceNow Application Vulnerability Response (AVR) and Vulnerability Response (VR) modules, integrating with dashboards and workflows for visibility and accountability
• Collaborate with application teams, Cyber Security, and IT Risk to ensure timely remediation of vulnerabilities, prioritising using SAST and SCA tooling results, and supporting internal and external audit engagements
• Build relationships across Bank and Securities functions, contributing to staff cyber education initiatives and embedding a proactive security culture across the organisation

Skills

• Hands-on experience in threat and vulnerability management within infrastructure and cloud environments (AWS, Azure, Oracle), with proficiency in scanning tools including Tenable, Qualys, Rapid7, and Veracode
• Strong knowledge of Ivanti LANDesk, Qualys, Splunk, Windows Server, RHEL/OEL Linux, and Scripting in PowerShell and Python, with experience implementing automated vulnerability and patch management solutions
• Deep understanding of security frameworks (NIST, ISO 27001), threat intelligence analysis, and risk management including vulnerability prioritisation, penetration testing, and incident response
• Experience using ServiceNow SecOps modules (AVR/VR) and familiarity with SAST and SCA tooling for application vulnerability management
• Strong communication skills with the ability to translate technical risks for both technical and non-technical stakeholders - desirable: CISSP and/or CISM certification

Contract Details

• Duration: 12 months
• Day Rate: £400 Per Day - £450 Per Day (Inside IR35)
• Location: London
• Start Date: ASAP

• Hands-on experience in threat and vulnerability management within infrastructure and cloud environments (AWS, Azure, Oracle), with proficiency in scanning tools including Tenable, Qualys, Rapid7, and Veracode
• Strong knowledge of Ivanti LANDesk, Qualys, Splunk, Windows Server, RHEL/OEL Linux, and Scripting in PowerShell and Python, with experience implementing automated vulnerability and patch management solutions
• Deep understanding of security frameworks (NIST, ISO 27001), threat intelligence analysis, and risk management including vulnerability prioritisation, penetration testing, and incident response
• Experience using ServiceNow SecOps modules (AVR/VR) and familiarity with SAST and SCA tooling for application vulnerability management
• Strong communication skills with the ability to translate technical risks for both technical and non-technical stakeholders - desirable: CISSP and/or CISM certification