Senior Security Analyst - Threat & Vulnerability Management

About the position Join SLC’s Cyber Security team and lead the proactive evaluation and management of threats, vulnerabilities, and exposures to strengthen our security posture. You’ll drive both traditional Vulnerability Management and Continuous Threat Exposure Management, ensuring risks are identified, prioritised, and addressed before they impact the business. By overseeing Cyber Threat Intelligence, you’ll deliver actionable insights that inform defensive strategies and operational decisions, while managing the BAU penetration testing calendar and providing expert guidance for project delivery. In this role, you’ll facilitate forums to review risk posture and remediation, oversee CTEM tooling, and monitor emerging threats and attack trends to keep SLC resilient against evolving risks. Collaborating closely with stakeholders, you’ll align security initiatives with business objectives, communicate intelligence insights to senior leaders, and champion enhancements through automation and best practices. With a commitment to continuous learning and mentoring junior team members, you’ll play an important role in building capability and resilience across the organisation. Responsibilities • Lead the proactive evaluation and management of threats, vulnerabilities, and exposures to strengthen our security posture. • Drive both traditional Vulnerability Management and Continuous Threat Exposure Management, ensuring risks are identified, prioritised, and addressed before they impact the business. • Oversee Cyber Threat Intelligence, delivering actionable insights that inform defensive strategies and operational decisions • Manage the BAU penetration testing calendar and providing expert guidance for project delivery. • Facilitate forums to review risk posture and remediation • Oversee CTEM tooling • Monitor emerging threats and attack trends to keep SLC resilient against evolving risks. • Collaborate closely with stakeholders to align security initiatives with business objectives • Communicate intelligence insights to senior leaders • Champion enhancements through automation and best practices. • Mentor junior team members, and play an important role in building capability and resilience across the organisation. Requirements • Excellent understanding of vulnerability management processes, best practices, and hands-on experience with exposure management, remediation coordination, and penetration testing methodologies/scoping. • Very good verbal/written communication skills, with proven ability to explain technical concepts to both technical and non-technical audiences, present governance forums, and engage senior leadership. • Familiarity with IDS/IPS, encryption, cryptography, key management, and firewalls, alongside awareness of infrastructure systems including Windows, UNIX/Linux, and Solaris. • Ability to interpret cyber threat intelligence, gather insights from trusted sources, and monitor emerging threats to advise on secure solutions. • Commitment to continuous learning, mentoring junior team members, and building team capability and resilience. • Solid grounding in current security standards and frameworks such as ISO 27001 and PCI-DSS. Nice-to-haves • Troubleshooting experience with UNIX/Linux OS will be a great advantage but is not essential. Benefits • 28 days annual leave plus 8 public holidays • Option to buy/sell annual leave • Flexi-time and enhanced flexible working options available • Option to join the Civil Service pension scheme • Life insurance cover for 4 x annual salary • Enhanced company sick pay and family leave including maternity, paternity and adoption • Contributory lifestyle benefit options including discounts at hundreds of retailers, cycle to work scheme, access to the Civil Service Sports and Leisure Club for discounted gym memberships, and an optional dental insurance scheme Apply tot his job