14 Vulnerability Management jobs in the United Kingdom

VP of Vulnerability Management Salary - £95-110k 15-20% Bonus Benefits Location – London (2-3 days in office per week) Newly created role with a major Financial Markets organization, looking to hire a VP level Vulnerability Management SME to build on and enhance their existing VM capabilities and eventually take ownership and stand this up as its own core pillar across Information Security. First and foremost, they need someone who understands the technical elements of Vulnerability Management inside out, who can work with the wider SecOps and Infrastructure Engineering functions to respond to high-profile vulnerabilities and ensure all vulnerability management platforms are working at maximum capacity and all patching runs smoothly; whilst also working with the wider business to ensure Vulnerability Management is incorporated into wider company strategies and acting as the Subject Matter Expert for all Vulnerability Management related queries. This is an incredibly opportunity to genuinely take ownership of their Vulnerability Management function as they look to significantly invest and develop it into its own core pillar within Information Security. You’ll have freedom to remain hands-on in the technical elements whilst also leading the strategic and long-term growth of the function. Key Responsibilities Drive the Vulnerability Management strategy across the business, acting as the SME for all VM related queries. Configure, fine-tune and manage the Vulnerability Management tooling (Qualys, RiskSense, Tanium, etc). Work with SecOps teams to coordinate response to high profile / severity vulnerabilities. Develop and enhance Vulnerability Management standards and procedures, continually looking for opportunities to VM capabilities. Key Requirements Hands on experience in a dedicated Vulnerability Management position, acting as the VM authority and SME. Previous experience working within or alongside a SecOps function, responding to incidents and safeguarding against high profile vulnerabilities. Knowledge of cryptographic and encryption concepts and their associated vulnerabilities / security concerns – SSH, TSL, etc. Strong communicator who can work with both technical and non-technical audiences, translating technical concepts into business risks.

**Job Description**
**Who We Are**
We are a world-class team of high calibre application security researchers and engineers who thrive on new challenges. We are an inclusive and diverse team with a full spectrum of experience distributed globally. We have the resources of a large enterprise and the energy of a start-up, working on a critical Greenfield software assurance project collaboratively with our cloud and mobile engineering teams. The Software Assurance organization has the mission is to make application security and software assurance, at scale, a reality. We are a dedicated team, leveraging each other's insights and abilities to produce cutting edge solutions to difficult problems through automation and CI/CD. Join us to grow your career and create the future of software assurance at scale together.
**What You'll Bring**
+ A minimum of 8 years of experience in the cybersecurity field, with a focus on vulnerability management, cloud security, and security architecture analysis.
+ Strong understanding of vulnerability management processes, remediation workflows, and validation of security findings
+ Experience designing and managing security metrics, dashboards, and reporting for technical and leadership audiences
+ Proven expertise in cloud architecture and security principles, and a thorough understanding of risk management frameworks
+ Hands-on experience integrating data from security tools
+ Proficiency in developing and implementing security policies and procedures within cloud environments to safeguard against potential threats
+ Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
+ Excellent organizational, presentation, verbal, and written communication skills.
+ Must be legally authorized to work in the UK without the need for employer sponsorship, now or at any time in the future
**Nice to Have**
+ Experience automating metrics pipelines using scripting, APIs, or business intelligence platforms.
+ Familiarity with regulatory frameworks (e.g., NIST, ISO 27001, CIS) and how they influence security metrics
+ Prior experience working closely with IT operations, application teams, and others to support remediation and reporting efforts
**What We'll Give You**
+ A team of very skilled and diverse personnel across the globe
+ Ability to work from home with flexible arrangement.
+ Exposure to mind blowing large-scale cutting-edge systems
+ The resources of a large, global operation while still having the small, start-up feel of a smaller team day to day
+ Develop new skills and competencies working with our vast cloud product offerings
+ Ongoing extensive training and skills development to further your career aspirations
+ Incredible benefits and company perks
+ An organization filled with smart, enthusiastic, and motivated colleagues
+ The opportunity to impact and improve our systems and delight our customers
**Responsibilities**
**Work You'll Do**
As a member of our team, your days will be dynamic and filled with impactful work. You'll be at the forefront of developing strategies to protect cloud-based systems and services. Your role is pivotal in navigating the evolving landscape of cloud security, where each day brings new challenges and opportunities for innovation. Each project presents a new set of challenges, whether it's tailoring security solutions for Oracle's critical customers, or navigating the complexities of global compliance requirements. Additional responsibilities include:
+ Develop and refine new or updated vulnerability management and other technical policies and procedures
+ Design, develop, and maintain security metrics and KPIs to measure the effectiveness, maturity, and progress of technical security programs
+ Partner with the SOC, Oracle Cloud Infrastructure (OCI), Offensive Security, and other stakeholders to prioritize and validate the impact of suspected vulnerabilities
+ Advise customers on mitigation strategies and compensating controls while providing accurate and timely reporting that informs remediation progress
+ Validate remediation actions to ensure vulnerabilities are fully resolved
+ Engage in cloud security architecture, design and implementation, providing expert guidance to ensure secure development and deployment practices
+ Focus on continuous process improvement while developing and refining security protocols and response strategies, ensuring they align with current best practices and regulatory requirements
+ Collaborate with OCI and other internal teams to enhance customer security posture
+ Play a key role in design consultations, facilitating meaningful involvement of the security team in project lifecycles and decision-making processes
+ Stay current on emerging threats, vulnerabilities, and industry trends
Career Level - IC4
**About Us**
As a world leader in cloud solutions, Oracle uses tomorrow's technology to tackle today's challenges. We've partnered with industry-leaders in almost every sector-and continue to thrive after 40+ years of change by operating with integrity.
We know that true innovation starts when everyone is empowered to contribute. That's why we're committed to growing an inclusive workforce that promotes opportunities for all.
Oracle careers open the door to global opportunities where work-life balance flourishes. We offer competitive benefits based on parity and consistency and support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs.
We're committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing or by calling in the United States.
Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

**Job Description**
**Who We Are**
We are a world-class team of high calibre application security researchers and engineers who thrive on new challenges. We are an inclusive and diverse team with a full spectrum of experience distributed globally. We have the resources of a large enterprise and the energy of a start-up, working on a critical Greenfield software assurance project collaboratively with our cloud and mobile engineering teams. The Software Assurance organization has the mission is to make application security and software assurance, at scale, a reality. We are a dedicated team, leveraging each other's insights and abilities to produce cutting edge solutions to difficult problems through automation and CI/CD. Join us to grow your career and create the future of software assurance at scale together.
**What You'll Bring**
+ A minimum of 8 years of experience in the cybersecurity field, with a focus on vulnerability management, cloud security, and security architecture analysis.
+ Strong understanding of vulnerability management processes, remediation workflows, and validation of security findings
+ Experience designing and managing security metrics, dashboards, and reporting for technical and leadership audiences
+ Proven expertise in cloud architecture and security principles, and a thorough understanding of risk management frameworks
+ Hands-on experience integrating data from security tools
+ Proficiency in developing and implementing security policies and procedures within cloud environments to safeguard against potential threats
+ Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
+ Excellent organizational, presentation, verbal, and written communication skills.
+ Must be legally authorized to work in the UK without the need for employer sponsorship, now or at any time in the future
**Nice to Have**
+ Experience automating metrics pipelines using scripting, APIs, or business intelligence platforms.
+ Familiarity with regulatory frameworks (e.g., NIST, ISO 27001, CIS) and how they influence security metrics
+ Prior experience working closely with IT operations, application teams, and others to support remediation and reporting efforts
**What We'll Give You**
+ A team of very skilled and diverse personnel across the globe
+ Ability to work from home with flexible arrangement.
+ Exposure to mind blowing large-scale cutting-edge systems
+ The resources of a large, global operation while still having the small, start-up feel of a smaller team day to day
+ Develop new skills and competencies working with our vast cloud product offerings
+ Ongoing extensive training and skills development to further your career aspirations
+ Incredible benefits and company perks
+ An organization filled with smart, enthusiastic, and motivated colleagues
+ The opportunity to impact and improve our systems and delight our customers
**Responsibilities**
**Work You'll Do**
As a member of our team, your days will be dynamic and filled with impactful work. You'll be at the forefront of developing strategies to protect cloud-based systems and services. Your role is pivotal in navigating the evolving landscape of cloud security, where each day brings new challenges and opportunities for innovation. Each project presents a new set of challenges, whether it's tailoring security solutions for Oracle's critical customers, or navigating the complexities of global compliance requirements. Additional responsibilities include:
+ Develop and refine new or updated vulnerability management and other technical policies and procedures
+ Design, develop, and maintain security metrics and KPIs to measure the effectiveness, maturity, and progress of technical security programs
+ Partner with the SOC, Oracle Cloud Infrastructure (OCI), Offensive Security, and other stakeholders to prioritize and validate the impact of suspected vulnerabilities
+ Advise customers on mitigation strategies and compensating controls while providing accurate and timely reporting that informs remediation progress
+ Validate remediation actions to ensure vulnerabilities are fully resolved
+ Engage in cloud security architecture, design and implementation, providing expert guidance to ensure secure development and deployment practices
+ Focus on continuous process improvement while developing and refining security protocols and response strategies, ensuring they align with current best practices and regulatory requirements
+ Collaborate with OCI and other internal teams to enhance customer security posture
+ Play a key role in design consultations, facilitating meaningful involvement of the security team in project lifecycles and decision-making processes
+ Stay current on emerging threats, vulnerabilities, and industry trends
Career Level - IC4
**About Us**
As a world leader in cloud solutions, Oracle uses tomorrow's technology to tackle today's challenges. We've partnered with industry-leaders in almost every sector-and continue to thrive after 40+ years of change by operating with integrity.
We know that true innovation starts when everyone is empowered to contribute. That's why we're committed to growing an inclusive workforce that promotes opportunities for all.
Oracle careers open the door to global opportunities where work-life balance flourishes. We offer competitive benefits based on parity and consistency and support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs.
We're committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing or by calling in the United States.
Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

Description
Embark on a Mission to Fortify Amazon's Defenses as a Security Engineer with the Vulnerability Management & Remediation Operations team!
Amazon Security is seeking a Security Engineer to join our Vulnerability Management and Remediation Operations (VMRO) team in London, UK. The VMRO team is responsible for discovering, assessing, triaging, detecting, and driving the remediation of vulnerabilities across the Amazon ecosystem
Key job responsibilities
- Analyse public and private vulnerability disclosures and exploit code
- Deeply understand and assess the technical details and potential impact of vulnerabilities across Amazon's infrastructure, services, and applications.
- Investigate and triage vulnerabilities, identifying severity and the scope of potential impact to Amazon.
- Support response and remediation efforts, assisting builder teams to fix their security issues in a timely manner
- Engineer high quality, scalable, and accurate vulnerability detection mechanisms
- Design and implement automation, tools and workflows to enhance our operations capabilities.
- Be part of a global team and participate in periodic on-call responsibilities to ensure the continuous monitoring and remediation of vulnerabilities.
- Experience programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language and SQL
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Mentorship and Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.
Basic Qualifications
- Bachelor's degree in computer science or equivalent
- Knowledge of networking protocols such as HTTP, DNS and TCP/IP
- Experience programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language
- 5 years security engineering experience in system, network, and/or application security
- 5 years experience developing vulnerability assessment tests with Python or Java.
- 5 years experience improving accuracy of vulnerability detection mechanisms across a diverse technical ecosystem
- 3 years experience troubleshooting networking, operating systems, applications, or cloud services.
- 3 years experience building cloud-based services
Preferred Qualifications
- Experience with AWS products and services
- Experience with any combination of the following: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and network security
Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice ( ) to know more about how we collect, use and transfer the personal data of our candidates.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.

**Do you want your voice heard and your actions to count?**
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
The Threat and Vulnerability Management Team Lead is responsible for defining, developing, and leading the strategic direction for safeguarding the organisation's infrastructure and applications. This is achieved by proactively identifying, assessing, and remediating security vulnerabilities. The role sits within the Digital Engineering Services & Solutions (DES) department of the Technology Division.
The role is part of the Digital Engineering Services & Solutions (DES) department, which encompasses Infrastructure and Service Management across EMEA Bank, International Securities, and the 15+ countries in which these entities operate. The position is responsible for leading the Threat and Vulnerability Management function, including oversight of an outsourced offshore third-party service.
This function integrates secure practices into the development lifecycle and aligns with service transition processes to ensure compliance with internal controls and regulatory standards. It plays a critical role in governance, audit readiness, and the continuous improvement of MUFG's security posture, while also serving as the central coordination point for all vulnerability-related activities across DES.
The successful candidate must demonstrate proven experience in leading teams and fostering a culture of technical excellence. They will be expected to establish best practices for risk identification and remediation planning, while also influencing stakeholders and delivering competitive advantage for global organisations by protecting against external threats and potential security vulnerabilities.
NUMBER OF DIRECT REPORTS
Circa 5
**KEY RESPONSIBILITIES**
**Strategic Leadership & Vision**
+ Lead the design, development, operation and management of the department's Threat and Vulnerability Management (TVM) strategy and roadmaps, ensuring alignment with business requirements, services, strategic goals, and IT risk appetite.
+ Develop short, medium, and long-term strategic goals and objectives for DES TVM, including documenting the current environment and defining the future roadmap.
+ Define measurable, repeatable processes and reporting metrics, subject to continuous improvement.
+ Define the DES Threat and Vulnerability function's Key Risk Indicators (KRIs) and govern accordingly. Produce regular KPI, MI, and risk management data for senior management.
+ Responsible for identifying cost-saving and optimisation opportunities within MUS EMEA and the wider MUFG group.
**Operational Oversight & Technical Execution**
+ Lead a team of Threat and Vulnerability Engineers to deliver best practice operations and strategic development, shaping the department's security posture while adhering to MUFG policies and procedures.
+ Oversee the successful deployment of routine and out-of-band security patches across IT infrastructure.
+ Automate patch deployments and associated post-deployment check-outs.
+ Triage vulnerabilities into "Fix, Acknowledge, and Investigate" categories using industry-aligned risk rating methodologies.
+ Use ServiceNow Application Vulnerability Response (AVR) and Vulnerability Response (VR) modules to manage and report on vulnerabilities and violations across the estate, integrating with dashboards and workflows for visibility and accountability.
**Risk Management & Remediation**
+ Work with other technology teams to provide in-depth analysis of vulnerabilities and impacts to key stakeholders.
+ Collaborate with application teams to ensure secure coding practices and timely remediation of vulnerabilities, aligned with criticality-based policy enforcement.
+ Prioritise weaknesses in IT infrastructure and applications using manual and automated methods, including results from Static Application Testing (SAST) and Software Composition Analysis (SCA) tooling (in conjunction with the Service Transition team).
+ Influence stakeholders to prioritise and drive remediation of process and technology gaps
+ Work with Cyber Security, Application Teams, and IT Risk to ensure controls are met and vulnerabilities are addressed across infrastructure and applications.
+ Engage and support Cyber Security for remediation of penetration test findings.
+ Engage with Internal and External Auditors as the SME on all matters relating to VM.
**Stakeholder Engagement & Culture**
+ Act as the primary Service Matter Expert and point of contact for the Threat and Vulnerability Management function within DES.
+ Work closely with industry partners, vendors, and the wider technology ecosystem to leverage external expertise and best practices. Conduct market research to identify emerging risk and vulnerability trends.
+ Build strong relationships across Bank and Securities functions (e.g. IT Risk & Control, Cyber Security, Operational Risk), underpinned by trust and MUFG's core values.
+ Lead by example in building relationships across the Bank, strengthening peer networks and collaboration.
+ Promote MUFG's values-led culture, fostering inclusivity and diversity.
+ Champion staff cyber education and awareness to embed a proactive cyber-focused culture.
+ Promote a dynamic, delivery-driven culture that works alongside Technology and Business units to provide responsive resolutions and value-driven solutions.
**SKILLS AND EXPERIENCE**
**Leadership & Team Development**
+ Proven experience of directly managing a team of Threat and Vulnerability Engineers, including mentoring, developing, and guiding security professionals in a collaborative, high-performing environment.
+ Strong strategic thinking and visionary skills with the ability to co-develop and drive the function's technical vision, strategy, and roadmap aligned with business goals and risk appetite.
**Technical Expertise & Security Operations**
+ Prior extensive experience working within infrastructure environments and cloud platforms (AWS, Azure, Oracle), with a high-level understanding of platforms, operating systems, and technologies.
+ Proven capability in creating and executing comprehensive threat and vulnerability management programmes, including vulnerability scanning, penetration testing, and security awareness training.
+ Proficiency in using vulnerability scanning tools (e.g. Tenable, Qualys, Rapid7, Veracode, JFrog Xray), threat intelligence platforms, and incident response tools.
+ Prior experience implementing automated solutions for vulnerability scanning, threat detection, and incident response, with a focus on continuous process improvement.
**Risk Management & Threat Intelligence**
+ Strong familiarity with security frameworks and standards (e.g. NIST, ISO 27001), and deep understanding of security concepts including vulnerability management, threat intelligence, incident response, and offensive security techniques.
+ Experience in gathering and analysing threat intelligence to understand emerging threats, attack vectors, and threat actors. Maintains up-to-date knowledge of the latest security threats, vulnerabilities, and best practices.
+ Strong analytical and problem-solving skills to analyse data, identify patterns and develop effective solutions to mitigate risk.
**Communication & Stakeholder Engagement**
+ Proven ability to communicate effectively with senior management, providing governance and risk oversight.
+ Excellent verbal and written communication skills to report findings and collaborate across cross-functional Technology and non-Technology teams.
+ Ability to translate technical risks into business-relevant language for both technical and non-technical stakeholders, including executive leadership.
EDUCATION / QUALIFICATIONS/ TECHNICAL COMPETENCIES
**Essential**
+ Recognised cybersecurity certification: CISSP and/or CISM
+ Strong knowledge of:
+ Ivanti LANDesk, Qualys, Splunk
+ Windows Server/Desktop, RHEL/OEL Linux
+ PowerShell and Python scripting
+ Proven experience leading strategic security initiatives and process automation in large-scale environments
**Desirable**
+ Additional certifications: CCSP
+ Familiarity with:
+ CyberArk PAM, ServiceNow SecOps Vulnerability Response / Application Vulnerability Response.
+ VMWare, Nutanix, Java VM
+ MSSQL, Oracle, MongoDB
+ Red Hat Satellite, Active Directory, LDAP, Kerberos
+ Confluence, JIRA
+ GDPR and SOX compliance frameworks
**PERSONAL REQUIREMENTS**
+ Excellent communication skills
+ Ability to manage constructive conflict effectively
+ Ability to build strong and lasting relationships across the bank
+ Results driven, with a strong sense of accountability, focused on business outcomes
+ Strong decision-making skills, the ability to demonstrate sound judgement
+ A structured and logical approach to work
+ A creative and innovative approach to work
+ Excellent interpersonal skills
+ The ability to manage large workloads and tight deadlines
+ Excellent attention to detail and accuracy
+ A calm approach, with the ability to perform well in a pressurised environment
+ A confident approach, with the ability to provide clear direction to your team
+ Ability to lead a high performing team
+ A strategic approach, with the ability to lead and motivate your team
+ Conscientious, methodical and logical approach to work
We are open to considering flexible working requests in line with organisational requirements.
MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.
We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.
At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!
**Our Culture Principles**
+ Client Centric
+ People Focused
+ Listen Up. Speak Up.
+ Innovate & Simplify
+ Own & Execute

Description
Embark on a Mission to Fortify Amazon's Defenses as a Support Engineer with the Vulnerability Management & Remediation Operations team!
Amazon Security is seeking an experienced and innovative Support Engineer specialising in cybersecurity to join our Vulnerability Management and Remediation Operations (VMRO) team in London, UK. The VMRO team is a global team that is responsible for assessing, detecting, and driving the remediation of vulnerabilities across the Amazon ecosystem.
Key job responsibilities
- Support vulnerability detection campaigns by working closely with Campaign Owners to launch and continuously improve the quality of campaigns across Amazon.
- Assess and negotiate with customers to drive down security risk by engaging with teams to remediate critical security vulnerabilities in their environments.
- Collaborate with builder teams to implement security fixes and improvements.
- Understand technical details of vulnerabilities affecting Amazon's infrastructure, services, and applications.
- Review and analyse common vulnerability disclosures and assist in evaluating potential impacts.
- Help triage vulnerabilities and contribute to impact and detection logic assessments.
- Contribute to the development of automation of repetitive tasks.
- Actively participate in updating documentation and sharing knowledge across your global peers.
- Participate in an on-call rotation to support continuous monitoring and remediation of vulnerabilities.
If you're excited about the opportunity to make a significant impact on the security of one of the world's largest and most complex technology ecosystems from our London office, we'd love to hear from you!
About the team
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Mentorship & Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.
Basic Qualifications
- Bachelor's degree in Computer Science, Computer Engineering, Software Engineering, Cybersecurity or related technical degree or equivalent; or 3+ years equivalent technology experience
- Strong understanding of security concepts with a security mindset.
- Strong understanding of computer and network weaknesses and mitigating controls.
- Strong ability to understand risk and prioritisation in the context of the business.
- Ability to communicate effectively within technical and business settings.
- Ability to document learnings and contribute to knowledge sharing and runbook building.
- Experience with secure-cloud configuration, (CloudTrail, AWS Config), cloud-security technologies (VPC, Security Groups, WAF etc.), and cloud-permission systems (IAM).
- Experience with identity and access concepts, with technologies to secure production and corporate access, (SSO, SAML) and with Federated Identity, RBAC, authentication and authorisation solution, encryption, SSL, and related.
Preferred Qualifications
- 2+ years of experience in fields such a Security Operations, technology audit, or security vulnerability lifecycle.
- Ability to prioritise multiple tasks and projects.
- Have a passion to learn and thrive in a dynamic and constantly changing environment.
- Experience with virtualisation technologies, especially with AWS services.
- Relevant industry certifications such as CISSP, SANS, ISC2, CompTia, etc.
- Maturity, judgment, negotiation/influence skills, analytical skills, and leadership skills.
- Demonstrated knowledge of web protocols, common attacks, and working knowledge of Linux/Unix tools and architecture.
- Understanding of best practices across multiple security disciplines/domains.
- Demonstrated ability to work autonomously with a Bias for Action, critical and creative thinking.
- Demonstrated ability to collaborate, develop partnerships, and work effectively as a member of a global, inclusive team.
Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice ( ) to know more about how we collect, use and transfer the personal data of our candidates.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.

Description
Embark on a Mission to Fortify Amazon's Defenses as a Senior Technical Program Manager with the Vulnerability Management & Remediation Operations team!
Amazon Security is seeking an experienced and innovative Senior Technical Program Manager specialising in cybersecurity to join our Vulnerability Management and Remediation Operations (VMRO) team in London, UK. The VMRO team is a global team that is responsible for assessing, detecting, and driving the remediation of vulnerabilities across the Amazon ecosystem. As a Senior Technical Program Manager you will have solid technical expertise in security operations and program management to join us in building and maturing our VMR Operations programs. In this role, you will be responsible for driving the strategic, technical, and engineering direction of VMR's Vulnerability, Campaign and Issue Operations Management Programs, which enables builders and drives remediation actions across Amazon. You will leverage relationships with engineers across Stores Security, business teams, and leaders throughout Amazon to prioritise deliverables, escalate roadblocks, and improve operational processes. You will build trust with Principal Engineers and executive leaders by leveraging your technical expertise to understand technical challenges, design improved solutions, and hold a high program bar. Finally, you will use your information security expertise to champion and drive risk-based decisions across complex, multi-disciplinary programs to ensure Amazon properly manages security risk.
Key job responsibilities
- Support vulnerability detection campaigns by working closely with Campaign Owners to launch and continuously improve the quality of campaigns across Amazon.
- Assess and negotiate with customers to drive down security risk by engaging with teams to remediate critical security vulnerabilities in their environments.
- Leveraging your technical expertise to understand technical challenges, design improved solutions, and hold a high program bar.
- Manage the operational help of the VMRO team by building and reporting SLA and KPI metrics to leadership and identifying improvements, and building programs to deliver these improvements.
- Work with internal stakeholders to improve campaign health and work with customers to drive remediation of security vulnerabilities across Amazon.
- Work closely with security engineers to maintain operational stability and inform priorities for innovative development efforts to drive high impact improvements to operational processes across Vulnerability Operations, Campaigns and Issue Health Management.
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Mentorship and Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.
Basic Qualifications
- Bachelor's degree or above in Computer Science, Computer Engineering, Cybersecurity, or other related discipline
- 6+ years of technical program management experience working directly with security and software engineering teams
- Experience managing programs across cross functional teams, building knowledge and processes
- Experience in operationalising new tools and functions across a global team including delivery and training
- Experience defining operational KPI's/SLA's and reporting to senior leadership
- Experience building dashboards with business intelligence tools such as Amazon QuickSight
- Experience writing SQL queries and deep diving complex datasets
- Experience building and evaluating system-level technical design and providing customer requirements to engineering teams
- Understanding of SDLC and Architecture System Design with the ability to ensure functionality and tradeoffs in terms of scalability, maintainability, extensibility, performance, and security.
- Experience working within a security organisation
Preferred Qualifications
- Experience in project management disciplines including scope, schedule, budget, quality, along with risk and critical path management
- Experience managing projects across cross functional teams, building sustainable processes and coordinating release schedules
- Experience defining KPI's/SLA's used to drive multi-million dollar businesses and reporting to senior leadership
Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice ( ) to know more about how we collect, use and transfer the personal data of our candidates.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.