Job title: Vulnerability Analyst
Job type: Permanent
Emp type: Full-time
Functional Expertise: Head of Development
Salary type: Annual
Salary: negotiable
Location: York
Job published: 2026-01-13
Job ID: 40893
Contact name: Richard Padget
Phone number: +447441346633
Contact email: richard@candour-solutions.co.uk

Job Description

Vulnerability Management Analyst - contract - London (hybrid / remote)

#TeamCandour are looking to secure an accomplished Vulnerability Management Analyst on a contract basis (insideIR35) to join the Cybersecurity team of our Global financial services organisation working out of their London office on a hybrid basis.

The initial agreement will be a 6 month engagement with the potential to extend.

Responsibilities

As a Vulnerability Analyst, you will:

  • Support and deputise for the Threat and Vulnerability Management (TVM) lead in both strategic and operational activities.
  • Play an active role in future TVM release cycles, ensuring full estate coverage and configuring additional Tenable modules.
  • Develop and maintain standard operating procedures for TVM release cycles and business-as-usual activities.
  • Analyse and prioritise outputs from TVM platforms, translating them into actionable mitigation strategies for our CI/CD pipelines.
  • Conduct routine vulnerability assessments of infrastructure and applications, collaborating with group functions and technology teams to address vulnerabilities within defined SLAs.
  • Track and manage open security weaknesses and vulnerabilities through their lifecycle to closure.
  • Provide insights into vulnerability exposure during security incidents and identify potential threat vectors.
  • Work across multi-cloud environments to resolve vulnerabilities and configuration weaknesses.

Qualifications

To excel in this role, you’ll need:

  • 1 to 3+ years of experience in a cyber analyst role, with a focus on Threat and Vulnerability Management (TVM) technologies.
  • Strong knowledge of the vulnerability management lifecycle.
  • Excellent analytical skills and the ability to work independently.
  • Experience in fast-paced environments.
  • Proficiency with Tenable One products.
  • Strong communication, presentation, and report-writing skills.
  • A BSc or MSc in Cybersecurity (desirable).
  • Industry-recognised qualifications such as CompTIA PenTest+ and GIAC GPEN (desirable).

Day-to-Day

Your typical day as a Vulnerability Analyst will include:

  • Conducting vulnerability assessments and collaborating with teams to address identified risks.
  • Monitoring and managing security weaknesses, ensuring timely resolution.
  • Supporting the TVM lead in strategic initiatives and operational tasks.
  • Configuring and optimising TVM tools, including Tenable modules.
  • Providing critical insights during security incidents to mitigate potential threats.
  • Developing and refining processes to enhance the efficiency of vulnerability management activities.

If you’re curious and want to arrange a call to run through the finer details reach out anytime!