Vulnerability Management Specialist - Quilter in Southampton

Fixed Term Contract Duration - 12 Months

About the Business

Quilter plc is a leading provider of financial advice, investments and wealth management, committed to being the UK's best wealth manager for clients and their advisers. Quilter oversees £141.9 billion in customer investments (as of 31 March 2026). It has an adviser and customer offering spanning financial advice, investment platforms, multi-asset investment solutions, and discretionary fund management. The business is comprised of two segments: Affluent and High Net Worth.

At Quilter we never stand still. Our foundations are rooted in our extraordinary expertise, which is trusted by hundreds of thousands of customers, but we have great ambitions to stay one step ahead and make an even greater difference to the people and communities we serve. Our business is transforming, continually modernising, and becoming even more customer centric. So, if you want to be bold in the pursuit of your ambitions, bring new ideas, and challenge and evolve what we do, it's the perfect time to join us!

About the Role

Level: 4

Department: Security Operations (Information Security)

Reports to: Head of Security Operations

Location: Southampton / London / England - Home Worker

Contract Type: Fixed Term contract - 12 months

At Quilter, we're strengthening our exposure management capability across on-prem, cloud and externally facing estate. This role is central to driving a risk-based vulnerability management programme - combining high-quality scanning and asset insight with cloud posture and attack surface intelligence - so that remediation is prioritised where it matters most and delivered with pace and measurable outcomes.

The Vulnerability Management Specialist is responsible for the end-to-end vulnerability management lifecycle, including detection, triage, prioritisation, tracking and assurance of remediation across infrastructure, endpoints, applications and cloud platforms. The role also supports Cloud Security Posture Management (CSPM) activities, including monitoring of cloud security benchmark compliance and CSPM attack paths, and integrates Attack Surface Management findings to reduce exposure from unknown or unmanaged internet-facing assets.

The successful candidate will be hands-on with enterprise vulnerability tooling and will partner closely with infrastructure, cloud engineering, application teams and third parties to ensure remediation is delivered within defined service levels and supported by clear reporting and governance.

Key Responsibilities

• Vulnerability Detection, Triage & Prioritisation: Operate and continuously improve vulnerability scanning and prioritisation using Qualys VMDR and associated capabilities. Perform daily/weekly triage of new and emerging vulnerabilities, validating detections and ensuring severity and urgency reflect exploitability, asset criticality, business impact, patch availability and compensating controls.
• Cloud Security Posture Management (Azure focus): Own day-to-day CSPM triage and oversight, ensuring cloud posture findings are actionable, risk-rated and routed to the correct engineering owners for remediation.
• Attack Surface Management & Exposure Reduction: Ingest and operationalise Attack Surface Management findings to identify and reduce risk from internet-facing assets, unknown services, misconfigurations and unmanaged exposure.
• Remediation Oversight, Governance & Assurance: Drive remediation outcomes through structured engagement with platform, infrastructure, application, endpoint and cloud teams.
• Reporting, Metrics & Stakeholder Communication: Produce clear, accurate reporting for operational teams and leadership, including trends, SLA performance, backlog health, and risk-based prioritisation views.
• Process & Continuous Improvement: Follow and continuously improve established vulnerability and CSPM processes, ensuring the operating cadence remains effective and measurable.

Key Stakeholders: Security Operations / Detection Engineering, Cyber Threat, Infrastructure & Platform and Cloud Engineering, Application Owners, End User Computing, Risk & Governance partners, and relevant third-party suppliers/MSSPs.

About You

Essential:

• Significant hands-on experience operating enterprise vulnerability management tooling, with deep expertise in Qualys (VMDR) across complex environments.
• Strong experience with Azure CSPM operations: triage, prioritisation, remediation routing, and assurance.
• Practical experience with Attack Surface Management concepts and workflows.
• Deep understanding of how code-based and software component vulnerabilities are discovered, exploited, and weaponised.
• Proven ability to run a risk-based vulnerability programme.
• Confident communicator who can explain technical vulnerabilities, exploitation likelihood, and remediation options to varied audiences.

Desirable:

• Experience integrating vulnerability management with broader security tooling and control frameworks.
• Experience in regulated environments, with evidence-led reporting and governance expectations.

Qualifications / Certifications (optional but beneficial): Relevant security certification(s) (e.g., CISSP/CCSP, Azure Security, vulnerability management or cloud security certifications).

Inclusion & Diversity: We value diversity and strive to promote inclusivity in all aspects of our culture. We believe in equal opportunities for all, ensuring that no applicant encounters less favourable treatment based on anything but their skills, qualifications, experience, and potential.

Values: Do the right thing, Always curious, Embrace challenge, Stronger together.

Core Benefits: Holiday: 182 hours (26 days), Quilter Incentive Scheme, Pension Scheme, Healthcare Cash Plan, Benefit Allowance.