Vulnerability Manager

Internal use only - Grade E

About us

We’re the team behind digital retailer Very. 

Our purpose, helping families get more out of life, powers everything we do. 

And we want our people to get more out of life too! If you’re high-performing, ambitious and make the most of every opportunity, we want to hear from you. In return, you’ll enjoy heaps of flexibility, great perks and benefits, and the freedom to be yourself, keep learning and take your career wherever you want it to go. 

If you love making a difference, you’ll love making it sparkle for millions of Very customers. ✨ 

About the Role

You’ll act as the central coordination and risk authority for vulnerability activity—working closely with engineering and platform teams who remain accountable for remediation delivery.

This role needs a strong technical foundation and the ability to build, lead and develop a vulnerability management team, setting clear ways of working, coaching capability and scaling our coverage and reporting as we grow.

What you will be doing.

• Own and continuously improve the end-to-end vulnerability management lifecycle across legacy, cloud, containerised and third-party environments.
• Operate and coordinate the Security Penetration Testing Framework, ensuring a consistent risk-led approach to scope, frequency, execution, retesting and closure.
• Triage, prioritise and track vulnerabilities and pen test findings—ensuring clear ownership, progress visibility and timely escalation of unmanaged risk.
• Govern risk acceptance/exceptions, compensating controls and evidence for audit and regulatory scrutiny.
• Own reporting (risk posture, trends, coverage, performance) for senior stakeholders and governance forums.
• Drive improvements in tooling, data quality, asset coverage and testing scope—working with suppliers and internal teams.
• Establish a sustainable vulnerability management team (hiring, onboarding, performance, coaching)

Essential Skills and Experience

• Strong experience coordinating vulnerability management and security penetration testing in complex enterprise environments.
• Demonstrable technical background (e.g., application/infrastructure security, cloud security, vulnerability assessment and remediation validation) with the capability to hire, lead and develop a high-performing vulnerability management team.
• Solid understanding of penetration testing methodologies and assurance expectations across applications, infrastructure, cloud and externally exposed services.
• Ability to apply risk-based judgement beyond severity scoring (exploitability, exposure and business context).
• Experience governing penetration testing (scope definition, prioritisation, retesting and remediation assurance).
• Proven track record working with engineering teams where remediation ownership sits outside of security.
• Confident stakeholder management—able to translate technical findings into clear business risk narratives.
• High standards for reporting, documentation and audit readiness.

Desirable Skills and Experience

• Experience aligning vulnerability governance to ISO 27001 and/or NIST.
• Hands-on experience configuring and operating industry-standard vulnerability testing tooling.
• Exposure to cloud-native and legacy environments.
• Experience mentoring analysts or leading capability uplift.
• Understanding of secure SDLC and modern engineering delivery models.

Some of our benefits

• Flexible, hybrid working model
• Inclusive culture and environment, check out our Glassdoor reviews

• £1000 flexible benefits allowance to suit your needs
• 30 days holiday + bank holidays
• Udemy learning access
• Bonus potential (performance and business-related)
• Up to 25% discount on Very.co.uk

• Matched pension up to 6%
• More benefits can be found on our career site

How to apply

Please note that the talent acquisition team are managing this vacancy directly, and if successful in securing this role, you will be required to undertake a credit, CIFAS, Right to Work checks and if a specific requirement of your role a DBS (criminal records) check. Should your application progress we require you to let the team know if there is anything you need to disclose in relation to any of these checks prior to them being undertaken, including any unspent criminal convictions.

What happens next?

Our talent acquisition team will be in touch if you’re successful so keep an eye on your emails! We’ll arrange a short call to learn more about you, as well as answer any questions you have. If it feels like we’re a good match, we’ll share your CV with the hiring manager to review. Our interview process is tailored to each role and can be in-person or held remotely.

You can expect a two-stage interview process for this position:

1st Stage - Initial Teams call with Hiring Team.

2nd Stage - A one-hour formal interview where you can expect both competency and technical questions with a take home task to prepare for.

Please do let us know if you require any reasonable adjustments.

Diversity, inclusion and equal opportunities

We’re building a culture of everyday inclusion, and welcome applications from anyone who believes they can do the job. We don’t discriminate based on age, disability, gender reassignment, marriage or civil partnership, pregnancy or maternity, race, religion or belief, sex, or sexual orientation.

We want our recruitment process to be accessible to everyone. If you need reasonable adjustments to apply, interview, or perform a role, let us know via [email protected]. We’ll be happy to support you.

We’re proud to be a Disability Confident Committed Employer and have nine brilliant colleague networks - including DAWN (Disability Awareness at Very) and Think (Neurodiversity at Very) - that are helping us make Very an even more inclusive place to work.