Find & Fix Vulnerability Engineer

Find & Fix / Vulnerability Engineer: Active UK SC Clearance is essential Hybrid – 1 day onsite per week from Stevenage or Filton We are seeking a Vulnerability Management Engineer to take ownership of the full lifecycle of vulnerability management across both internal systems and client environments. This is a key role focused on improving security posture through effective identification, prioritisation, and remediation of vulnerabilities across cloud and on-prem environments. The Role You will be responsible for driving vulnerabilities through to full resolution—ensuring issues are not just identified but properly remediated, verified, and evidenced. Working closely with cross-functional teams, you will help balance risk reduction with operational stability while embedding secure practices at scale. Key Responsibilities Own the end-to-end vulnerability remediation lifecycle — from identification and validation through to remediation, verification, and closure Remediate cloud security issues using tools such as: Microsoft Defender for Cloud Azure Advisor AWS Inspector & Security Hub Conduct on-prem vulnerability scanning and coordinate remediation activities Translate security advisories into clear, actionable remediation tasks for engineering teams Resolve OS and application vulnerabilities via patching, hardening, and control implementation Collaborate with infrastructure, platform, and application teams to deploy fixes safely (including change control, testing, and rollback planning) Maintain comprehensive documentation and audit evidence, including root cause analysis and validation Produce regular reporting on vulnerability trends, SLA performance, and residual risk Deliver remediation at scale using DevOps practices and Infrastructure as Code (Terraform) Continuously improve vulnerability management processes and security baselines Environment Hybrid cloud: Azure & AWS On-prem infrastructure environments Security tooling and enterprise vulnerability management frameworks Cross-functional collaboration across engineering, security, and operations teams Key Requirements Proven experience in vulnerability management and remediation Strong exposure to Azure, AWS, and on-prem environments Experience with vulnerability scanning and security tools Understanding of security frameworks and best practices DevOps mindset with experience in automation, IaC (Terraform), and scalable solutions Strong stakeholder management and communication skills Active UK SC Clearance is essential