Lead Vulnerability Analyst

Lead Vulnerability Analyst

Manchester (Remote)

Role Purpose

This is an exciting opportunity to join a dynamic security solutions team in which you will be responsible for the vulnerability management and delivery of a client security programme. As part of an ever-growing delivery team, you must have a passion for IT security as well as a desire to deliver a high-quality service to our client.

As a member of the team, you will be expected to have a solid knowledge of networking and cloud security concepts and be passionate about IT security. As part of the Vulnerability Management delivery team, you will be responsible for looking after the client’s scanning programmes, managing their on-going scanning needs, validating results and supporting them with remediation advice.

Summary

This is an opportunity to work in a fun and challenging environment, using market leading security testing tools and platforms to provide security testing services to our client. You will play a key role in building relationships with the client and ensuring that our services are meeting their needs. You will also be given every opportunity to help shape the direction of the service as well as assist with the development of the service.

• Serve as the primary point of contact for vulnerability management services and ensure alignment with the customer's objectives.
• Oversee prioritisation of vulnerabilities based on risk assessment and customer priorities.
• Conduct quarterly reviews of remediation policies to confirm they remain relevant and effective.
• Monitor remediation and scan policies for adherence to change management processes, escalating deviations where necessary.
• Perform and lead comprehensive gap analyses of remediation policies, identifying areas for improvement.
• Analyse scanning outputs not captured by remediation policies and ensure escalation of unaddressed vulnerabilities.
• Update and maintain remediation policies as required, following established change management processes.
• Track customer vulnerability remediation efforts and monitor security projects deviating from standard SLAs.
• Escalate tooling integration issues (e.g., JSM) and provide guidance on resolution.
• Ensure timely follow-up on remediation efforts and address SLA breaches with the customer.
• Coordinate and ensure deduplication vulnerability findings with existing remediation tickets.
• Mentor and provide technical guidance to the Junior Vulnerability Analyst and other team members.
• Prepare detailed reports and deliver insights to the customer and internal stakeholders.

What we are looking for in you

• Very good understanding and experience of common Linux and Windows operating systems
• Proven understanding and exposure to network security
• Proven understanding of cloud security concepts
• Experience
  • Significant experience in vulnerability management, information security, or a related role, with a proven track record in managing complex vulnerability remediation projects.
• Technical Skills
  • Deep understanding of vulnerability assessment tools (e.g., Nessus, Qualys, or similar).
  • Proficiency in JSM or similar ITSM tools for vulnerability tracking.
  • Knowledge of security frameworks and standards (e.g., NIST, CIS, ISO 27001).
• Leadership Skills
  • Experience leading teams and coordinating with multiple stakeholders.
  • Strong project management skills, with the ability to manage SLAs and timelines effectively.
• Communication Skills
  • Strong written and verbal communication skills for reporting and escalation.
  • Ability to liaise with technical and non-technical stakeholders.

Desirable competencies:

• Degree in Computer Science / Engineering or equivalent experience
• Understanding of cloud services, architecture, and technologies
• CPSA or higher qualifications desirable but not essential
• UK Security Check (SC) clearance is desirable but not essential

Ways of working

Focusing on Clients and Customers.

Working as One NCC.

Always Learning.

Being Inclusive and Respectful. 

Delivering Brilliantly.

Our company

At NCC Group, our mission is to create a more secure digital future. That mission underpins everything we do, from our work with our incredible clients to groundbreaking research shaping our industry. Our teams' partner with clients across a multitude of industries, delving into, securing new products, and emerging technologies, as well as solving complex security problems. As global leaders in cyber and escrow, NCC Group is a people-powered business seeking the next group of brilliant minds to join our ranks.

Our colleagues are our greatest asset, and NCC Group is committed to providing an inclusive and supportive work environment that fosters creativity, collaboration, authenticity, and accountability. We want colleagues to put down roots at NCC Group, and we offer a comprehensive benefits package, as well as opportunities for learning and development and career growth. We believe our people are at their brilliant best when they feel bolstered in all aspects of their well-being, and we offer wellness programs and flexible working arrangements to provide that vital support. 

Come join us?

What do we offer in return?

We have a high-performance culture which is balanced evenly with world-class well-being initiatives and benefits:

⏰Flexible working

💸 Financial & Investment

Pension

Life Assurance

Share Save Scheme

Maternity & Paternity leave

🙋🏾Community & Volunteering Programmes

⚡ Green Car Scheme

🚴 Cycle Scheme

🧑🏻‍🤝‍🧑🏻 Employee Referral Program

🧘🏻 Lifestyle & Wellness

🎓 Learning & Development

👨🏿‍🦽 Diversity & Inclusion

So, what’s next?

If this sounds like the right opportunity for you, then we would love to hear from you! Click on apply to this job to send us your CV and cover letter and the relevant member of our global talent team will be in touch with you. Alternatively send your details to [email protected] .

About your application

We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.

If you do not want us to retain your details, please email [email protected]. All personal data is held in accordance with the NCC Group Privacy Policy (candidate-privacy-notice-261023.pdf (nccgroupplc.com)). We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage.

Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process. This role being advertised will be subject to BS7858 screening as a mandatory requirement.