Threat and Vulnerability Manager - Newport in Edinburgh

This role is for an experienced professional in vulnerability management and threat intelligence to join our Cyber Operations team. You will work closely with colleagues across the organisation to further mature and continuously improve our cyber defence capabilities. Cyber Operations forms part of a wider, well established security function operating within a highly regulated environment.

In this role, you will lead and continuously enhance the management of vulnerability assessments across our hybrid IT estate. You will prioritise remediation activities using a risk based, threat informed approach, collaborating with stakeholders to strengthen the security posture of our systems and services. You will also develop and mature our threat intelligence capability, identifying and maintaining relevant intelligence sources to inform tactical, operational, and strategic decision making. You will produce and share high quality threat intelligence products with internal and external stakeholders and use this intelligence to support vulnerability management and threat hunting activities. Additionally, you will contribute to incident response processes and provide support to colleagues responsible for the IPO's protection, detection, and response capabilities.

If you have strong relevant expertise, excellent communication skills and a collaborative working style we would love to hear from you.

Main duties consist of but are not limited to:

• Vulnerability Management (Primary Focus)
  • Lead and enhance the organisation's vulnerability management programme, including our Penetration Testing programme across a complex hybrid IT environment covering both infrastructure and applications.
  • Prioritise vulnerabilities using a risk-based, threat-informed approach to support organisational objectives, regulatory requirements, and audit needs.
  • Oversee the full lifecycle of vulnerabilities, including triage, mitigation planning, remediation recommendations, and stakeholder coordination.
  • Develop and maintain vulnerability management policies, procedures, standards, and best practice guidance.
• Threat Intelligence
  • Produce high quality tactical, operational, and strategic intelligence assessments and briefings using analysis and interpretation of current threat intelligence.
  • Utilising and liaising with internal stakeholders, commercial sources, open-source intelligence and government partners to provide a rounded, comprehensive view of the current threat landscape.
  • Lead initiatives to strengthen the organisation's intelligence capability and participate in information sharing communities.
• Cyber Risk Management
  • Play an integral part in Cyber Security risk management, conducting risk and threat assessments aligned with regulations.
  • Using your knowledge of standards and expertise to support our stakeholders by providing pragmatic and proportionate advice and best practice guidance.

Please be aware that only one application per candidate is permitted for each recruitment campaign. Multiple applications may result in your application being withdrawn or rejected at any stage of the process.

Successful candidates must undergo a criminal record check and meet the security requirements before they can be appointed.

This job is broadly open to UK nationals, nationals of the Republic of Ireland, nationals of Commonwealth countries who have the right to work in the UK, and nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein with settled or pre-settled status under the European Union Settlement Scheme (EUSS).

The Civil Service embraces diversity and promotes equal opportunities. We run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.