Vulnerability Management Specialist

Role Overview

We are seeking a Vulnerability Management Specialist who will be responsible for identifying, validating, and supporting the remediation of security vulnerabilities across client environments to ensure strong cyber resilience.

You should have hands-on experience with vulnerability management platforms, a strong understanding of security frameworks and threat methodologies, and the ability to work closely with client IT teams to drive remediation activities. In addition to technical vulnerability assessments, the role will also contribute to penetration testing activities, third-party cyber risk reviews, and cybersecurity awareness initiatives.

Key Responsibilities

Vulnerability Management:

• Conduct regular vulnerability scans and assessments across client environments using tools such as Tenable, Qualys, and Microsoft Defender Vulnerability Management.
• Analyze scan results and prioritize vulnerabilities based on risk level, exploitability, and business impact.
• Work closely with client IT teams to support vulnerability remediation activities, including patch management and configuration hardening.
• Apply threat intelligence and frameworks such as MITRE ATT&CK to provide context and improve risk prioritization.
• Contribute to the continuous improvement of vulnerability assessment methodologies and processes.

Penetration Testing:

• Conduct web application, mobile application, and network penetration testing across internal and external environments.
• Execute approved test cases, perform manual validation checks, and validate exploitability of identified vulnerabilities.
• Document technical findings with clear replication steps, impact assessments, and remediation recommendations.
• Participate in engagement scoping, rules of engagement discussions, and retesting activities.
• Develop and maintain testing scripts, checklists, and reusable security testing artefacts.

Application Security:

• Contribute to secure code review activities, identifying insecure coding patterns and validating findings from SAST tools.
• Review automated security findings and summarize issues in a clear, actionable format for development teams.

Reporting & Documentation:

• Produce detailed vulnerability assessment reports, including metrics, trends, and risk insights.
• Ensure reports are aligned with client security requirements and regional compliance standards.
• Maintain high-quality documentation of findings and remediation guidance.

Client Engagement:

• Act as a trusted advisor to clients, ensuring vulnerability management activities align with their security objectives.
• Maintain clear and proactive communication with both technical and non-technical stakeholders.

Required Skills & Experience:

• Hands-on experience with vulnerability management tools, particularly Tenable, Qualys, Microsoft Defender
• Experience conducting vulnerability assessments, remediation support, and security testing.
• Understanding of vulnerability prioritization and scoring methodologies, including CVSS.
• Knowledge of industry security standards and frameworks such as ISO 27001, NIST, Cybersecurity Framework (CSF), CIS Controls, MITRE ATT&CK, OWASP Top 10
• Experience conducting web and network penetration testing.
• Familiarity with secure code review practices and SAST tools such as Fortify, Veracode, or Checkmarx.
• Strong analytical skills to interpret vulnerability data and provide actionable recommendations.
• Excellent communication and reporting skills, with the ability to explain complex security findings to non-technical stakeholders.

Salt is acting as an Employment Business in relation to this vacancy.