Senior Manager Vulnerability Management

Role Title: Senior Manager – Vulnerability Management
Location: Newbury/Brentford/Paddington

Role Purpose

• The Senior Manager Vulnerability Management is responsible for the global strategy creation, implementation and ongoing running of effective vulnerability and exposure management (including responsible disclosure) across Vodafone's entire estate. They own the Vulnerability scanning, prioritization, risk impact analysis and remediation tracking jointly with risk led pen testing and red/purple teaming.


• They support also Cyber Defence's response to serious cyber incidents and execute pen testing needed during incident management process.


• The role holder is responsible for evolving and maintaining policy impacting vulnerability management globally at Vodafone and reporting on key performance metrics.


• It is expected they lead also improvement in the process identifying new ways to tackle the challenges and automation opportunities.

What you'll do

• Accountable for evolving and running the global cyber vulnerability management strategy and operating model for Vodafone.


• Setting the global vulnerability management framework, standards, and procedures.


• Leading and directing the strategic and operational vulnerability management plan run globally across Vodafone.


• Identifying vulnerabilities and tracking remediation to reduce risk.


• Evolving the approach to identify and assess vulnerabilities behind the standard tooling and processes.


• Building and maintaining a skilled and competent global team able to respond to current and evolving cyber threats and their exploitation models.


• As required, supporting Vodafone's Cyber Defence response to the most serious threats and incidents.


• SME advice and providing concise technical briefings at a leadership and senior stakeholder level that drive decision making and response.


• Responsible for creation, refinement and delivery of high-quality technical reporting and remediation plans on identified technical issues.


• Working with security vendors on the identification and development of new vulnerability management platforms and services as required.


• Lead Red Teaming activities with external suppliers support where needed and identify internal pentesting activities on critical areas to improve the security posture.


• Run regular and on-demand vulnerability scans, prioritize results and support remediation.


• Proactively notify stakeholders on high severity vulnerabilities and support detection, containment and remediation actions.


• Stakeholder engagement and management - building and developing key internal and external relationships, including at senior and executive levels across the company.


• Periodically acting as the Cyber Defence Manager on Duty in the evenings and at weekends. This is usually from home but may require office working.

Who you are

• Significant experience in the vulnerability management and penetration testing field. Able to demonstrate experience and knowledge in one or more of the following is mandatory.


• Ability to quickly dig into complex technical concepts and distil for less technical audiences.


• Vulnerability scanning and management tools – both to understand the use of and an ability to explain the need for; combined with an awareness of leading on guidance at Vodafone scale and complexity.


• Red Team and Penetration testing methodologies and tools – both to understand the use of and an ability to explain the need for; combined with an awareness of leading on guidance at Vodafone scale and complexity.


• Expert-level understanding of operating system and software vulnerabilities and exploitation techniques.


• Must have web application vulnerabilities and exploitation techniques knowledge, covering the OWASP Top 10 as a minimum.


• Defining, building, and leading effective virtual and dispersed highly technical teams at global scale.


• Building and successfully delivering strategic and tactical plans.


• Strong track record of managing performance and defining/delivering against challenging SLAs and KPIs and continuous improvement initiatives.


• Applied thinking and analysis to new situations.


• Identifying, building, and maintaining effective relationships through influencing, collaboration, and liaison across relevant stakeholders globally.


• Analytical, communication and senior/executive stakeholder management skills.


• Creation, delivery and maintenance of high-quality technical reporting and remediation guidelines on identified technical issues.


• Experience and knowledge in one or more of the following is desirable:


• Knowledge and experience in testing telecom technologies and infrastructure devices such as SIP, SS7, IN, Packet core infrastructure (GGSN/SGSN)


• Experience in developing in-house tools or scripts to improve delivery and facilitate testing operations.


• Ability to perform targeted penetration tests with vulnerability identification, exploitation, and post-exploitation activities with no or minimal use of automated tools.

What's in it for you

• Discretionary yearly bonus: 20%


• Company car: company funded car of £580 per month + private fuel or cash alternative of £630


• per month.


• Annual leave: 28 days + bank holidays + the opportunity to buy/sell/carry over 5 days/year


• Charity days: 5 days/year


• Maternity leave: 52 weeks out of which 39 weeks are fully paid + 13 weeks half pay and 6 months - working 4 days, getting paid 5


• Private pension: You can contribute up to 5% of your basic pay with 2:1 matching from Vodafone up to 10%.


• Access to: private medical, private dental, free health assessments, share save scheme


• Additional discounts: Vodafone retail, gym, cinema, cycle to work, season ticket loan

Who we are

#TogetherWeCan #GroupResourcing #GroupTalentAcquisition #WeAreHiring #JoinOurTeam #LI-hybrid