Threat & Exposure Management Consultant

Join to apply for the Threat & Exposure Management Consultant role at Stott and May

Start: ASAP    Duration: 6-12 months    Location: London (2-3 days per week)    Pay: negotiable DoE, INSIDE IR35

Overview

We are seeking an experienced Threat & Vulnerability Management Specialist to lead the end-to-end process of identifying, assessing, and remediating security vulnerabilities across IT and cloud platforms. This role acts as a critical link between security operations and business stakeholders, ensuring the organisation remains resilient against evolving cyber threats.

Key Responsibilities

  • Lead the vulnerability management lifecycle: assessment, risk analysis, prioritisation, and remediation tracking
  • Monitor the threat landscape and provide timely intelligence to reduce risk exposure
  • Support incident response efforts through threat attribution, malware analysis, and defensive recommendations
  • Conduct proactive threat hunting and investigation using known TTPs
  • Utilise tools such as CrowdStrike Falcon for detection, endpoint protection, and exposure management
  • Communicate threat insights and remediation plans to both technical and non-technical stakeholders
  • Maintain relevant documentation, risk metrics, and support the development of threat processes

Essential Skills & Experience

  • Strong technical background with scripting ability (e.g. Python)
  • Proven threat hunting experience and malware analysis skills
  • Good understanding of OWASP Top 10, DevSecOps threats, and cloud architectures (Azure, AWS)
  • Experience with vulnerability management, incident response, and security operations tools (e.g. ServiceNow, Remedy)
  • Familiarity with operating systems (Windows, Linux, Unix), databases (SQL, Oracle, Mongo), and cloud-based security controls
  • Strong communication skills, both written and verbal
  • Proficient in producing documentation, dashboards, and reporting
  • Hands-on experience with CrowdStrike Falcon and associated modules

Desirable

  • 3–5+ years in threat or vulnerability management, DevSecOps, or penetration testing
  • Experience in agile environments and cross-functional teams
  • Knowledge of cloud security best practices
  • Industry certifications such as OSCP, CRTO, GPEN, AWS/Azure Security Certifications

Seniority level

  • Mid-Senior level

Employment type

  • Full-time

Job function

  • Consulting, Information Technology, and Sales
  • Industries: Staffing and Recruiting

Location: City Of London, England, United Kingdom
Salary: £80,000 - £100,000
Job Type: Full-time
Category: Consulting
