Enterprise Security Posture Management SME
Listed on 2026-07-07
-
IT/Tech
Cybersecurity, Information Security
Join our Proactive Defence team as an Enterprise Security Posture Management SME, leading capabilities across Attack Surface Management (ASM), Attack Path Management (APM), and Breach & Attack Simulation (BAS) within the CISO organization. You will drive a proactive, threat-informed approach to exposure management, helping the bank identify, prioritise, and reduce exploitable security risk through greater visibility, attack path analysis, and continuous control validation.
This role is critical to shifting from reactive vulnerability management to proactive exposure reduction by providing continuous visibility of the attack surface, mapping how attackers can move through the environment, and validating security controls through adversary simulation. In doing so, you will help the organization identify, prioritise, and reduce exploitable security risk in a way that is threat-informed, measurable, and directly tied to business impact.
To be successful in this role, you should have experience with:
- Attack surface discovery and asset attribution
Ability to continuously identify internet-facing assets, shadow IT, domains, subdomains, certificates, cloud services, APIs, SaaS exposures, third-party-hosted assets, and assets with unclear ownership - Risk-based exposure prioritisation
Ability to prioritise the most material exposures by combining exploitability, business criticality, asset ownership, threat intelligence, vulnerability data, and likelihood of attack - Threat-informed attack surface analysis
Ability to enrich attack surface findings with attacker techniques, active exploitation trends, KEV data, offensive security teams findings, and sector-specific threat intelligence
Highly valued skills for this role include:
- Hands-on experience with EASM/ASM platforms
Experience using tools such as external attack surface management, CAASM, vulnerability management, cloud posture, and exposure management platforms - Cloud, identity, SaaS, CI/CD and API exposure knowledge
Understanding of common attack surface risks across AWS, Azure, GCP, Entra , Active Directory, Kubernetes, APIs, internet gateways, and exposed management interfaces - Understanding of Breach and Attack Simulation techniques
Ability to use BAS outputs to validate whether identified exposures are exploitable, test control effectiveness, simulate attacker behaviours, and support evidence-based prioritisation
You may be assessed on the critical skills required for success in this role, including risk and controls, change and transformation, business acumen, strategic thinking, digital and technology, and job-specific technical skills.
Location:
Knutsford or Northampton
To keep our customers, clients, and colleagues safe by identifying cyber-vulnerabilities across the Bank, using a risk-based approach to prioritise them, and to drive effective remediation activity.
Accountabilities- Allocation of the correct risk rating and remediation prioritisation to a vulnerability based on industry standards for assessment, available threat intelligence concerning exploitation, the reachability of the host (or asset) and the value of the service(s) running on the impacted host.
- Development of vulnerability management operating model, policies and procedures to ensure consistency in vulnerability identification, remediation and reporting. Element owner of the Vulnerability Management Standard including Issues Management and Regulatory alignment.
- Communication of vulnerabilities to relevant parties including senior stakeholders, vendors, external security partners and affect business units using reports and dashboards and provide recommendations for improvement in vulnerability management practices.
- Collaboration with Threat intelligence and Cyber Operations teams to assess and contextualise exposure to latest threat trends and exploits and set appropriate remediation timescales.
- Definition of requirements and acceptance criteria for the implementation and maintenance of automation tools to streamline vulnerability management processes within operating systems and applications.
- Reporting of remediation status of Security Assurance Specialist team findings against Key Risk Indicators.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search: