About the Business
Quilter plc is a leading provider of financial advice, investments, and wealth management. It oversees £141.9 billion in customer investments and serves affluent and high-net-worth clients with financial planning, investment platforms, multi-asset solutions and discretionary fund management.
About the Role
Level: 4 • Department: Security Operations (Information Security) • Reports to: Head of Security Operations • Location: Southampton / London / England - Home Worker • Contract Type: Fixed Term 12 months
The Vulnerability Management Specialist will drive a risk-based vulnerability management programme across on-prem, cloud and external estate, prioritising remediation and delivering measurable outcomes.
Key Responsibilities
- Operate and continuously improve vulnerability scanning and prioritisation using Qualys VMDR and associated capabilities, performing daily/weekly triage of new and emerging vulnerabilities, applying consistent severity mapping, and keeping up to date with emerging threats.
- Own day-to-day CSPM triage and oversight, ensuring cloud posture findings are actionable, risk-rated, and routed for remediation. Monitor compliance against cloud benchmarks and track "attack path" findings to closure.
- Ingest and operationalise Attack Surface Management findings to identify and reduce risk from internet-facing assets, unknown services and misconfigurations, working with infrastructure, cloud and network teams to validate exposure and drive remediation or risk acceptance.
- Drive remediation outcomes through structured engagement with platform, infrastructure, application, endpoint and cloud teams, maintaining an exception and risk acceptance approach for non-remediated vulnerabilities and overseeing major disclosure and zero-day responses.
- Produce accurate reporting and stakeholder communication, including trends, SLA performance, backlog health, and risk-based prioritisation views, translating technical exposure into business impact.
- Continuously improve vulnerability and CSPM processes, ensuring effective cadence and maintaining playbooks/runbooks for disclosure response.
Key Stakeholders
- Security Operations / Detection Engineering, Cyber Threat, Infrastructure & Platform and Cloud Engineering, Application Owners, End User Computing, Risk & Governance partners, and relevant third-party suppliers/MSSPs
About You - Essential
- Hands-on experience operating enterprise vulnerability management tooling, especially Qualys VMDR, across complex environments.
- Strong experience with Azure CSPM operations, including triage, prioritisation, remediation routing, and assurance.
- Practical experience with Attack Surface Management concepts and workflows, validating exposed assets and driving remediation.
- Deep understanding of code-based and software component vulnerabilities and their exploitability.
- Proven ability to run a risk-based vulnerability programme, with stakeholder management, remediation tracking and clear reporting.
- Excellent communicator able to explain technical vulnerabilities and remediation options to varied audiences.
About You - Desirable
- Experience integrating vulnerability management with broader security tooling and control frameworks.
- Experience in regulated environments, with evidence-led reporting and governance expectations.
Qualifications / Certifications (optional)
- Relevant security certification(s) such as CISSP/CCSP, Azure Security, vulnerability management or cloud security certifications.
Benefits
- Holiday: 182 hours (26 days)
- Quilter Incentive Scheme: eligibility for all employees to incentivise business performance.
- Pension Scheme: non-contributory company pension that can be boosted through personal contributions.
- Healthcare Cash Plan: available to Jersey employees.
- Benefit Allowance: cash benefit allowance payable in lieu of some core benefits.
- Flexible benefits available to UK employees via salary deduction.
Inclusion & Diversity
We value diversity and promote inclusivity. We provide equal opportunities to all applicants and encourage a respectful, nurturing environment for everyone. We are committed to treating all job applicants fairly and with respect, welcoming people regardless of belief, culture, gender identity, ethnicity, sexual orientation or disability. Reasonable adjustments for the recruitment process are available upon request.