
Vulnerability Management Specialist

Remote / Online - Candidates ideally in
Southampton, Hampshire County, SO15, England, UK
Listing for: Quilter plc
Contract, Remote/Work from Home position
Listed on 2026-05-30
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 60000 - 80000 GBP Yearly

About the Business

Quilter plc is a leading provider of financial advice, investments, and wealth management. It oversees £141.9 billion in customer investments and serves affluent and high net‑worth clients with financial planning, investment platforms, multi‑asset solutions and discretionary fund management.

About the Role

  • Level: 4
  • Department: Security Operations (Information Security)
  • Reports to: Head of Security Operations
  • Location: Southampton / London / England – Home Worker
  • Contract Type: Fixed Term 12 months

The Vulnerability Management Specialist will drive a risk‑based vulnerability management programme across on‑prem, cloud and external estate, prioritising remediation and delivering measurable outcomes.

Key Responsibilities
  • Operate and continuously improve vulnerability scanning and prioritisation using Qualys VMDR and associated capabilities, performing daily/weekly triage of new and emerging vulnerabilities, applying consistent severity mapping, and keeping up to date with emerging threats.
  • Own day‑to‑day CSPM triage and oversight, ensuring cloud posture findings are actionable, risk‑rated, and routed for remediation. Monitor compliance against cloud benchmarks and track “attack path” findings to closure.
  • Ingest and operationalise Attack Surface Management findings to identify and reduce risk from internet‑facing assets, unknown services and misconfigurations, working with infrastructure, cloud and network teams to validate exposure and drive remediation or risk acceptance.
  • Drive remediation outcomes through structured engagement with platform, infrastructure, application, endpoint and cloud teams, maintaining an exception and risk‑acceptance approach for non‑remediated vulnerabilities and overseeing major disclosure and zero‑day responses.
  • Produce accurate reporting and stakeholder communication, including trends, SLA performance, backlog health, and risk‑based prioritisation views, translating technical exposure into business impact.
  • Continuously improve vulnerability and CSPM processes, ensuring effective cadence and maintaining playbooks/runbooks for disclosure response.
Key Stakeholders
  • Security Operations / Detection Engineering, Cyber Threat, Infrastructure & Platform and Cloud Engineering, Application Owners, End User Computing, Risk & Governance partners, and relevant third‑party suppliers/MSSPs
About You – Essential
  • Hands‑on experience operating enterprise vulnerability management tooling, especially Qualys VMDR, across complex environments.
  • Strong experience with Azure CSPM operations, including triage, prioritisation, remediation routing, and assurance.
  • Practical experience with Attack Surface Management concepts and workflows, validating exposed assets and driving remediation.
  • Deep understanding of code‑based and software component vulnerabilities and their exploitability.
  • Proven ability to run a risk‑based vulnerability programme, with stakeholder management, remediation tracking and clear reporting.
  • Excellent communicator able to explain technical vulnerabilities and remediation options to varied audiences.
About You – Desirable
  • Experience integrating vulnerability management with broader security tooling and control frameworks.
  • Experience in regulated environments, with evidence‑led reporting and governance expectations.
Qualifications / Certifications (optional)
  • Relevant security certification(s) such as CISSP/CCSP, Azure Security, vulnerability management or cloud security certifications.
Benefits
  • Holiday: 182 hours (26 days)
  • Quilter Incentive Scheme: eligibility for all employees to incentivise business performance.
  • Pension Scheme: non‑contributory company pension that can be boosted through personal contributions.
  • Healthcare Cash Plan: available to Jersey employees.
  • Benefit Allowance: cash benefit allowance payable in lieu of some core benefits.
  • Flexible benefits available to UK employees via salary deduction.
Inclusion & Diversity

We value diversity and promote inclusivity. We provide equal opportunities to all applicants and encourage a respectful, nurturing environment for everyone. We are committed to treating all job applicants fairly and with respect, welcoming people regardless of belief, culture, gender identity, ethnicity, sexual orientation or disability. Reasonable adjustments for the recruitment process are available upon request.
