Senior Vulnerability Management Engineer

Senior Vulnerability Management Engineer

Join Next as a Senior Vulnerability Management Engineer and focus on Vulnerability and Threat Management across the Next technology estate, with a particular emphasis on our Warehouse environment. You will help maintain awareness of new and emerging security threats and trends, while managing tools and processes that protect our assets.

In the Information Security team you will identify, assess, validate and communicate new vulnerabilities, ensure the vulnerability management process is followed, and collaborate with technical teams to provide guidance and recommend mitigation strategies. You will also manage our vulnerability scanning and reporting tools, administer the Bug Bounty programme, review incoming threat intelligence, and help coordinate responses to significant threats.

• Manage and maintain vulnerability scanning and risk reporting tools.
• Lead the planning, scoping, and delivery of key projects, communicating progress clearly.
• Complete security assessments and debrief key stakeholders on potential risks.
• Identify, execute, and support requirements as part of Red Team exercises.
• Triage, risk‑assess, log, and assign vulnerabilities to remediation teams.
• Support remediation teams with mitigation strategies.
• Assist the Incident Response team with investigation and resolution of security incidents.
• Create and maintain operational procedures, configuration and technical documentation.
• Maintain metrics and reports to demonstrate the effectiveness of our vulnerability management programme.
• Act as a subject‑matter expert and coordinate emergency remediation/mitigation efforts.
• Stay aware of new and emerging security threats and trends.
• Validate threat intelligence findings against our people, processes and technologies.
• Review threat intelligence and advise on recommended mitigation strategies.
• Mentor less experienced team members.

• Experience managing and maintaining a Vulnerability Management tool.
• In‑depth understanding of Information Security, including malware, emerging threats, attacks and vulnerability management.
• Proven IT experience with a deep understanding of network protocols, server infrastructure, and network segmentation.
• Windows Server and/or Linux experience.
• Ability to lead coordination of timely diagnosis and resolution of major issues.
• Adheres to and promotes high standards.
• Understanding and operating change management.
• Team player, hardworking and self‑motivated.
• Inquisitive and proactive in identifying security gaps.
• Effectively plans and prioritises workloads and reports on progress.
• Remains calm under pressure and clearly communicates to all levels of management.
• Excellent attention to detail.
• Knowledge of vulnerability and threat assessment frameworks: CVSS, CVE, CWE, OWASP, MITRE.
• OT (Operational Technology) management experience in vulnerability scanning.
• Competent at keeping up to date on CTI (Cyber Threat Intelligence).
• Desirable:
  
  Experience with PCI‑DSS or ISO
  27001, Retail environment experience, foundational cloud infrastructure knowledge, recognised security qualification, Dev Ops architecture & code scanning, offensive security, SCADA systems, threat intelligence platform management, and custom AI usage.

Next is a FTSE‑100 retail company employing over 35,000 people across the UK and Ireland. We are the UK’s second largest fashion retailer and a market leader in kidswear, with more than 500 stores and a global online presence.

• 25% off most NEXT, MADE®, Lipsy®, Gap®, and Victoria’s Secret® products (when purchased through NEXT).
• Company performance‑based bonus.
• Sharesave scheme.
• On‑site nursery.
• Early VIP access to sale stock.
• Access to discounted gym memberships, GP services and other wellbeing services.
• Free on‑site parking.

We aim to support all candidates during the application process and are happy to provide workplace adjustments when necessary. If you need support due to a disability or long‑term condition, please contact us at  (include “Workplace Adjustments” in the subject line) or call .