Vulnerability Manager

About the Role

You’ll act as the central coordination and risk authority for vulnerability activity—working closely with engineering and platform teams who remain accountable for remediation delivery. This role needs a strong technical foundation and the ability to build, lead and develop a vulnerability management team, setting clear ways of working, coaching capability and scaling our coverage and reporting as we grow.

What you will be doing:

• Own and continuously improve the end-to-end vulnerability management lifecycle across legacy, cloud, containerised and third‑party environments.
• Operate and coordinate the Security Penetration Testing Framework, ensuring a consistent risk‑led approach to scope, frequency, execution, retesting and closure.
• Triage, prioritise and track vulnerabilities and pen test findings—ensuring clear ownership, progress visibility and timely escalation of unmanaged risk.
• Govern risk acceptance/exceptions, compensating controls and evidence for audit and regulatory scrutiny.
• Own reporting (risk posture, trends, coverage, performance) for senior stakeholders and governance forums.
• Drive improvements in tooling, data quality, asset coverage and testing scope—working with suppliers and internal teams.
• Establish a sustainable vulnerability management team (hiring, onboarding, performance, coaching).

Essential Skills and Experience:

• Strong experience coordinating vulnerability management and security penetration testing in complex enterprise environments.
• Demonstrable technical background (e.g., application/infrastructure security, cloud security, vulnerability assessment and remediation validation) with the capability to hire, lead and develop a high‑performing vulnerability management team.
• Solid understanding of penetration testing methodologies and assurance expectations across applications, infrastructure, cloud and externally exposed services.
• Ability to apply risk‑based judgement beyond severity scoring (exploitability, exposure and business context).
• Experience governing penetration testing (scope definition, prioritisation, retesting and remediation assurance).
• Proven track record working with engineering teams where remediation ownership sits outside of security.
• Confident stakeholder management—able to translate technical findings into clear business risk narratives.
• High standards for reporting, documentation and audit readiness.

Desirable Skills and Experience:

• Experience aligning vulnerability governance to ISO 27001 and/or NIST.
• Hands‑on experience configuring and operating industry‑standard vulnerability testing tooling.
• Exposure to cloud‑native and legacy environments.
• Experience mentoring analysts or leading capability uplift.
• Understanding of secure SDLC and modern engineering delivery models.

Some of our benefits:

• Flexible, hybrid working model.
• Inclusive culture and environment.
• £1000 flexible benefits allowance to suit your needs.
• 30 days holiday + bank holidays.
• Udemy learning access.
• Bonus potential (performance and business‑related).
• Up to 25% discount on Very.co.uk.
• Matched pension up to 6%.

Diversity, inclusion and equal opportunities:

We’re building a culture of everyday inclusion, and welcome applications from anyone who believes they can do the job. We don’t discriminate based on age, disability, gender reassignment, marriage or civil partnership, pregnancy or maternity, race, religion or belief, sex, or sexual orientation. We want our recruitment process to be accessible to everyone. If you need reasonable adjustments to apply, interview, or perform a role, let us know via talentacquisition@theverygroup.com. We’ll be happy to support you. We’re proud to be a Disability Confident Committed Employer and have nine brilliant colleague networks—including DAWN (Disability Awareness at Very) and Think (Neurodiversity at Very)—that are helping us make Very an even more inclusive place to work.