Lead SecOps Consultant - Vulnerability Management

Fruition Group

United Kingdom

Remote

GBP 60,000 - 80,000

Full time

Yesterday

Job summary

A leading financial services provider in the UK is seeking a Lead SecOps Consultant for Vulnerability Management Transformation. The role involves building a proactive vulnerability management strategy, ensuring compliance with regulations, and integrating security into engineering processes. Ideal candidates will have at least 7 years of experience in security engineering, a background in financial services, and hands-on knowledge of vulnerability scanning tools. This position offers remote work with occasional site travel and a competitive contract rate.

Qualifications

  • 7+ years in security engineering with 3 years leading vulnerability management programs.
  • Deep understanding of PCI-DSS requirements and financial services security standards.
  • Experience with vulnerability scanning tools and security automation.

Responsibilities

  • Conduct a comprehensive current state assessment for vulnerability management.
  • Evaluate and implement the optimal mix of vulnerability management tools.
  • Develop vulnerability scoring mechanisms incorporating business risk.
  • Integrate vulnerability management into CI/CD pipelines.

Skills

Security engineering
Vulnerability management
Technical communication
Strategic vision
DevOps
Compliance knowledge

Tools

Tenable
DAST tools
Job description
Overview

Role: Lead SecOps Consultant - Vulnerability Management Transformation

Location: UK remote with occasional site travel

Contract: Competitive market rate

Contract length: 6 months with strong chance of extension

Enablis are working with a leading financial services provider who are looking for a Lead SecOps Consultant to transform their vulnerability management capabilities. This is a critical role requiring both strategic vision and hands-on technical expertise to build a best-in-class vulnerability management programme.

The Opportunity:

You'll be joining an organisation that provides banking platform services to multiple companies, where vulnerability management has become fragmented across teams. They need someone who can move them from reactive incident-based responses to a proactive, engineering-led security approach that meets stringent financial services compliance requirements.

What you'll do
  • Assess & Transform: Conduct comprehensive current state assessment and design a unified vulnerability management strategy that brings consistency across platform, mobile, web, and back-end teams
  • Tool Selection & Implementation: Evaluate, select and implement the optimal blend of commercial and custom vulnerability management tools, including DAST capabilities to complement existing SAST
  • Build Context-Driven Processes: Develop sophisticated vulnerability scoring mechanisms that go beyond standard CVSS to incorporate internal threat context and business risk
  • Embed Engineering Excellence: Champion a "security as engineering" mindset, integrating vulnerability management into CI/CD pipelines and development workflows
  • Drive Compliance: Ensure all processes meet PCI-DSS, 3DS, SOC2, and ISO requirements with robust audit trails and evidence collection
  • Enable Teams: Create frameworks and playbooks that empower engineering teams to resolve vulnerabilities efficiently, particularly through dependency management
What you'll bring
  • Proven Track Record: 7+ years in security engineering with at least 3 years leading vulnerability management programmes in regulated environments
  • Financial Services Experience: Deep understanding of PCI-DSS requirements, authenticated scanning, and financial services security standards
  • Technical Depth: Hands-on experience with vulnerability scanning tools (Tenable preferred), SAST/DAST implementation, and security automation
  • Engineering Mindset: Background in software engineering or DevOps with ability to work closely with development teams and understand their workflows
  • Strategic Vision: Ability to design and implement enterprise-wide vulnerability management strategies while maintaining focus on practical delivery
  • Communication Excellence: Capability to influence stakeholders from engineers to executives, translating technical risks into business impact
Key deliverables
  • Comprehensive vulnerability management strategy and roadmap
  • Tool architecture design and implementation plan
  • Risk-based vulnerability scoring framework
  • Process documentation meeting audit requirements
  • Knowledge transfer and team enablement

This role offers the opportunity to make a significant impact on the security posture of a critical financial services provider while working with cutting-edge security technologies and talented engineering teams.

We're an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of race, religion, national origin, gender, sexual orientation, age, marital status, or disability status.
