91±¬ÁÏ

Role Summary

The Vulnerability Management & Patching Specialist is responsible for delivering vulnerability identification, risk‑based prioritisation, remediation coordination, and patch complianceÌý²¹³¦°ù´Ç²õ²õÌýmultiple customer environments in a managed services model.

The role operates within clearly defined service scopes and shared‑responsibility agreements, using tools such as TenableÌý²¹²Ô»åÌýpatch management platforms (e.g. ManageEngine Patch Manager Plus or equivalent) to reduce customer risk while meeting contractual SLAs, regulatory obligations, and operational stability requirements.

Core Responsibilities

Vulnerability Management

• ±Ê±ð°ù´Ú´Ç°ù³¾Ìýscheduled and ad‑hoc vulnerability scans across customer environments using Tenable or equivalent platforms, in line with contracted service scope
• Analyse scan results to:
• Validate findings and eliminate false positives
• ´¡²õ²õ±ð²õ²õÌýrisk based on severity, exploitability, and asset criticality
• Determine remediation ownership under the shared‑responsibility model
• Prioritise vulnerabilities according to customer SLAs, regulatory requirements, and threat exposure
• Track vulnerabilities through their lifecycle, from detection to remediation, mitigation, exception, or risk acceptance
• ³§³Ü±è±è´Ç°ù³ÙÌýSOC escalation workflows for critical or actively exploited vulnerabilities

Patch Management

• Plan, coordinate, and execute patching activities where patching is included in the managed service scope
• ±«²õ±ðÌýManageEngine Patch Manager Plus or equivalent toolsÌý³Ù´Ç:
• Automate patch deployment
• Schedule maintenance windows
• Enforce approval workflows
• Monitor patch success and compliance
• ³§³Ü±è±è´Ç°ù³ÙÌýemergency and zero‑day patching in response to high‑risk vulnerabilities
• Ensure patching activities minimise customer impact through testing, staged rollouts, and rollback planning
• Maintain patch baselines across servers, endpoints, and supported applications, aligned to customer contracts

Service Delivery, Governance & Reporting

• ±Ê°ù´Ç»å³Ü³¦±ðÌýcustomer‑facing vulnerability and patch reports, including:
• Outstanding vulnerabilities by risk level
• Patch compliance status
• SLA performance and remediation trends
• ±Ê°ù´Ç±¹¾±»å±ðÌýclear remediation guidance to customers where patching responsibility remains client‑owned
• Maintain accurate documentation of:
• Patch schedules and deployment outcomes
• Vulnerability exceptions and compensating controls
• Risk acceptances and approvals
• ³§³Ü±è±è´Ç°ù³ÙÌýcustomer audits, cyber‑insurance, and regulatory evidence requests

Required Skills & Experience

• 3–5 years’ experience in vulnerability management, patch management, SOC, or MSSP operations
• Hands‑on experience with vulnerability management tools, such as:
• Tenable Vulnerability Management / Tenable Security Center
• Qualys or equivalent (transferable skills accepted)
• Experience with patch management platforms, such as:
• ManageEngine Patch Manager Plus
• SCCM, WSUS, BigFix, Tanium, or similar
• Strong understanding of:
• CVEs, CVSS, exploitability, and risk‑based remediation
• Windows and Linux patching models
• Third‑party application patching
• Experience working in multi‑tenant, SLA‑driven environments
• Familiarity with ITIL processes, particularly Change, Incident, and Problem Management

• Relevant certifications (preferred but not mandatory):
• Tenable certifications
• Security+ or equivalent
• ITIL Foundation

Personal Attributes

• Strong organisational skills to manage multiple customers concurrently
• Ability to clearly communicate risk, remediation status, and ownership boundaries to customers
• Comfortable operating in high‑pressure, incident‑driven scenarios
• Detail‑oriented with a strong focus on evidence, reporting accuracy, and audit readiness
• Proactive mindset focused on continuous service improvement