Vulnerability Management Manager
Posted 1 day 3 hours ago by Met Office
Location: Exeter
We're looking for an exceptional Vulnerability Management Manager to help us make a difference to our planet.
As our Vulnerability Management Manager, the job may be suitable for hybrid working, which is where an employee works part of the week in the office and part of the week from home. This is a voluntary, non-contractual arrangement and the location advertised will be your contractual place of work.
Our opportunity is full time, 37 hours per week. Our people are at the heart of what we do and we'll do our best to agree a working pattern that works for everyone.
World changing work
From science to technology, from meteorology to management, and from planning to communication, our expertise helps us stand out as the authority on weather accuracy and climate prediction. We help individuals, industries and government to make better decisions to stay safe and thrive. This is the Met Office. This is who we are.
- We're a force for good - focusing on our environmental and social impact
- We're experts by nature - always learning and developing to do things better
- We live and breathe it - putting our purpose at the heart of decision-making
- We're better together - understanding partnerships and inclusivity make us greater
- We keep evolving - pushing boundaries to make tomorrow better for our customers
Your world of expertise
As the Vulnerability Management Manager within the Security Operations team of the Met Office's Cyber Security Department you will be responsible for driving the vision and operational execution of the organisation's vulnerability management program, overseeing the end-to-end process of identifying, assessing, and recommending mitigations to vulnerabilities across digital services, including complex and mission-critical systems at the Met Office.
- Team Leadership and Development: Lead, manage and mentor a team to ensure the team operate effectively. Develop the team utilising the career framework to identify learning needs and career pathways.
- Vulnerability Management: Manage and coordinate vulnerability scanning, risk assessments, and penetration testing to identify security weaknesses across systems, infrastructure, and digital services. Lead efforts to enhance vulnerability management protocols, ensuring alignment with national (Secure by Design) and international security standards and maintaining regulatory compliance. Establish ongoing surveillance mechanisms to detect and respond to new vulnerabilities promptly, maintaining the organisational security posture.
- Reporting and Metrics: Define metrics and targets. Prepare and present regular reports on vulnerability management, and trends to management, translating technical metrics into business focused risk insights.
We operate an on-call roster in Technology to provide 24/7/365 support to respond to operational service requirements. This post may be part of an on-call roster and the postholder would be required to participate in an on-call roster where in operation.
Our work is life-changing, often life-saving and always life-enhancing. The Met Office is Great Place to Work UK certified. We are also featured on their 'Best Workplaces in Tech' 2023 and 2024 lists, as well as their '54 Best Workplaces for Women' 2023 list.
As our Vulnerability Management Manager, your total reward package will be up to £73,518 annually, which includes:
- An outstanding Civil Service pension, with an average employer contribution of 28.97%
- Recruitment Retention Allowance (RRA): you will be paid £9,000 per annum as a market supplement to reflect the demand for your skills. Whilst in post, you will be paid this market driven allowance from April 2024 until March 2026 in your monthly pay
- Annual Leave starting at 27.5 days (plus Bank Holidays) rising to 32.5 days (plus Bank Holidays) after 5 years and option to buy or sell up to 5 days per year of annual leave
Essential Criteria, skills and experience:
- We live and breathe it - Demonstrated ability to lead and manage a team with integrity and genuine passion for our purpose, fostering an inclusive, collaborative culture, and continuously developing team skills and expertise through learning and knowledge sharing.
- We keep evolving - Expert level knowledge and experience in vulnerability management, with deep knowledge of processes for identifying, classifying, and prioritising vulnerabilities using industry standard frameworks such as CVSS, NIST, and MITRE ATT&CK, with a track record of tailoring scoring models to organisational risk appetite. Proven ability to lead end-to-end vulnerability management initiatives in complex IT environments that reduce mean time to remediation, elevate security maturity and align vulnerability management closely with business objectives.
- We're experts by nature - Proven experience delivering an effective, continuously improving vulnerability management capability through metrics-driven assessments and red-team collaborations. Skilled in identifying, assessing, and prioritising vulnerabilities using advanced tools and frameworks, with a strong focus on reducing risk exposure across complex environments. Leverage deep technical expertise and curiosity to drive timely remediation efforts, adapt to evolving threat landscapes, and ensure that vulnerability management activities strengthen organisational resilience through ongoing refinement and proactive risk mitigation.
- We're a force for good - In-depth understanding of secure system and network design principles, cloud security (AWS, Azure), and modern infrastructure technologies, including their associated vulnerabilities and mitigation strategies.
- We're experts by nature - Expert knowledge of vulnerability scanning tools (such as Tenable, Qualys, Rapid7, Nessus), including hands-on experience in configuring, running and optimising scans across diverse environments. Proficient in asset discovery, attack surface mapping and exposure management techniques to ensure comprehensive visibility of IT and OT assets and their external interfaces. Skilled in applying risk assessment methodologies to evaluate the severity and potential impact of identified vulnerabilities, prioritising remediation efforts based on business risk and operational criticality.
- We're better together - Strong stakeholder management skills, with a demonstrated ability to lead cross-functional teams, engage technical and non-technical stakeholders, and drive vulnerability remediation initiatives in alignment with organisational risk appetite and enforcing SLAs and performance metrics with transparency and fairness. Demonstrated ability to interpret complex technical findings and communicate them effectively to both technical teams and senior stakeholders, translating risks into clear, actionable business insights that support informed decision-making and enhance organisational security posture.
How to apply
If you share our values, we'd love to hear from you! Click apply to begin your application. Please complete your career history and provide evidence against each of the essential criteria in the supporting statement questionnaire. We recommend candidates use the CARL method (Context, Action, Result and Learning) for presenting evidence of experience and skills.
Closing date 29/06/2025 at 23:59 with first stage interviews commencing from 14/07/2025. You will hear from us once the closing date has passed.
Using AI in your application
We welcome applications that use AI tools for support in drafting or refining, as long as they accurately reflect your own skills and experience. All hiring decisions at the Met Office are made by people, not AI. For more details, visit our approach to recruitment.
How we can help
If you have any questions or would like to discuss this opportunity further, please contact us at .
If you're considering applying and need support to do so, please get in touch. You can request adjustments either within your application or by contacting us. Should you be offered an interview, please be aware there may be a selection exercise which could include a presentation, written test or a scenario-based activity. You can select in your application to be considered under the Disability Confident Scheme. To be invited to interview/assessment under this scheme, your application must meet the essential criteria for the role.
We understand that great minds don't always think alike and as an equal opportunities employer we welcome applications from those with all protected characteristics. We recruit on merit, fairness, and open competition in line with the Civil Service Code.
We can only accept applications from those eligible to live and work in the UK - please refer to GOV.UK for information. We require Security clearance, for which you need to have resided in the UK for at least 3 of the last 5 years to be eligible. You will need to achieve full security clearance within your first 6 months with us.