Cyber Threat & Vulnerability Analyst

We’re looking for a Cyber Threat & Vulnerability Analyst to join our Cyber Security team, helping protect the systems that deliver essential water services to millions of customers every day. You’ll play a key role in identifying, assessing, and reducing cyber risk across a large and complex technology estate, making sure vulnerabilities are understood, prioritised, and fixed before they can be exploited.

Base location:
Reading – Clearwater Court

Working pattern or hours: 36 hours Monday to Friday, hybrid working

• Support end-to-end vulnerability management across IT and operational technology environments
• Help shape and improve threat and vulnerability management processes, frameworks, and ways of working
• Work with technical and business teams to prioritise and remediate vulnerabilities based on risk
• Investigate new vulnerabilities and recommend clear, practical mitigation actions
• Support integration of vulnerability scanning tools into existing systems and processes
• Build and maintain dashboards that show cyber risk, trends, and remediation progress in a clear way
• Contribute to threat assessments and support proactive threat hunting activities
• Help ensure alignment with standards such as General Data Protection Regulation, Payment Card Industry Data Security Standard, Network and Information Systems Regulations, and International Organization for Standardization 27001
• Monitor vulnerability management tools and processes, identifying ways to improve effectiveness and reduce risk

Must be eligible to obtain Counter Terrorist Check security clearance.

• Experience supporting vulnerability management, patching, or cyber risk reduction in a complex environment
• Understanding of cyber security concepts, including vulnerability management and threat assessment approaches
• Ability to work with technical teams to support remediation of security issues
• Experience or understanding of security tooling such as vulnerability scanners or similar technologies
• Ability to communicate technical issues clearly to both technical and non‑technical audiences
• Awareness of how security risks are managed across different technology environments (for example cloud, servers, end‑user devices, or operational systems)
• A relevant cyber security qualification or industry certification such as Certified Information Systems Security Professional, Certified Information Security Manager, or Certified Cloud Security Professional

• Experience working with large enterprise or critical infrastructure environments
• Familiarity with threat intelligence or threat modelling approaches
• Experience supporting or improving security processes and governance
• Exposure to operational technology or legacy infrastructure environments
• Additional cyber security certifications such as Certified Threat Intelligence Analyst, Certified Vulnerability Assessor, Offensive Security Certified Professional, or similar

• Competitive salary up to £65,000 per annum depending on experience
• Annual Leave – 26 days holiday per year increasing to 30 with length of service (plus bank holidays)
• Performance‑related pay plan directly linked to company performance measures and targets
• Generous Pension Scheme through AON
• Access to a range of benefits to support health and wellbeing, including annual health MOTs, physiotherapy and counselling, Cycle to Work schemes, shopping vouchers and life assurance