Senior Vulnerability Analyst - SC Cleared

We are seeking an experienced Senior Vulnerability Analyst to join a leading organisation in the defence and security sector. This role will focus on vulnerability management, risk mitigation, and security strategy. The client are leveraging the Microsoft Security Stack (including Microsoft Sentinel) to protect critical assets.
The ideal candidate will possess a strong technical background in vulnerability management, exceptional stakeholder engagement skills, and the ability to contribute strategically to security operations. This role is well-suited for those with a consultative approach, capable of advising and influencing security best practices within a complex enterprise environment.
Key Responsibilities

\n
• Lead vulnerability identification, assessment, and mitigation processes across enterprise environments.
\n
• Utilise Microsoft Sentinel and other Microsoft security tools to monitor, analyse, and respond to security threats.
\n
• Provide strategic insights into vulnerability trends, risk management, and security posture improvements.
\n
• Collaborate with security teams to enhance existing security policies, frameworks, and processes.
\n
• Develop and maintain stakeholder relationships across technical and non-technical teams, ensuring clear communication of security risks and recommended actions.
\n
• Work closely with IT and security operations teams to prioritise and remediate vulnerabilities efficiently.
\n
• Produce and deliver technical reports and security recommendations to senior management and security leaders.
\n
• Keep up to date with the latest cybersecurity threats, vulnerabilities, and mitigation strategies.
\n

\n
• Proven experience in vulnerability management, threat analysis, and security assessments.
\n
• Strong technical expertise in Microsoft security solutions, particularly Microsoft Sentinel, Defender, and Defender for Endpoint.
\n
• Excellent knowledge of risk assessment methodologies, penetration testing concepts, and security frameworks (e.g., NIST, ISO 27001, CIS).
\n
• Ability to engage and influence senior stakeholders and technical teams effectively.
\n
• Solid understanding of security incident response, remediation planning, and risk mitigation strategies.
\n
• Strong analytical, problem-solving, and communication skills.
\n
• Ability to work autonomously while contributing strategically to security operations.
\n

\n
• Certifications such as CISSP, CISM, OSCP, CREST, or AZ-500 (Microsoft Security Technologies).
\n
• Previous experience in defence, critical infrastructure, or highly regulated industries.
\n
• Familiarity with cloud security and security automation.
\n