Senior Vulnerability Management Specialist

Deliveroo

City Of London

On-site

GBP 80,000 - 100,000

Full time

Yesterday
Job summary

A leading food delivery service in London is seeking a Senior Vulnerability Management Specialist to manage security vulnerabilities and enhance company security. You will lead the governance of vulnerability management and collaborate with various teams to address security risks effectively. Candidates should have a Bachelor’s degree in Computer Science, significant experience in vulnerability management, and the ability to communicate complex technical information to various stakeholders. This role offers a dynamic working environment with a focus on innovation and security.

Benefits

Healthcare benefits
Generous annual leave
Parental leave

Qualifications

  • Significant experience in vulnerability management in a fast-paced business.
  • Experience in managing external partners for penetration testing.
  • Sound technical understanding of modern cloud technologies.

Responsibilities

  • Operate and manage a scalable vulnerability management policy.
  • Run vulnerability management governance processes and reporting.
  • Enable system owners to manage their vulnerabilities.

Skills

Excellent communication and negotiation skills
Experience in vulnerability management
Scripting ability
Technical understanding of AWS, Docker, Kubernetes

Education

Bachelor's degree in Computer Science

Tools

Cloud-native security tools

Job description

About us:

At Deliveroo, it is our mission to build the definitive food company. In order to do that, we’re building a company that is secure and protects the data and money of our customers, employees and investors.

The Role:

We are looking for an experienced and outcome-driven Senior Vulnerability Management Specialist with excellent stakeholder management skills to join our fast-growing Security function. In this role you’ll be primarily responsible for embedding and operating Deliveroo’s policy for managing security vulnerabilities. You will run vulnerability management governance and work directly with external partners and technology leaders across the business to create pragmatic solutions proportional to identified security risks.

This role presents a great opportunity to have an outsized impact on the trajectory of a business that is growing at a breakneck pace. You’ll directly impact how Deliveroo identifies and remediates vulnerabilities across its systems. As we continue to increase our security maturity, your role in driving sound vulnerability management across the company will play a major part in our story.

What you’ll be doing:
  • Operate, embed and manage a scalable vulnerability management policy, enforcing clear prioritisation thresholds and taking into account business context, relevant industry standards, regulatory requirements and stakeholder expectations.
  • Run vulnerability management governance processes and reporting to provide relevant committees and stakeholders with clear visibility of risk.
  • Enable system owners to manage their vulnerabilities within defined thresholds by providing them with clear visibility of relevant vulnerabilities and remediation expectations.
  • Negotiate with engineering teams to get buy‑in for remediation, translating security risks into technical reality to help prioritise fixes and manage technical debt.
  • Closely collaborate with other teams in the security function to roll out a consistent approach to vulnerability management.
  • Manage external partners to deliver penetration tests and red‑team exercises; this includes driving value through vendor selection, challenging scopes/findings, and ensuring quality delivery.
  • Analyse and validate vulnerabilities across various compute resources (Containers, VMs, Serverless) to distinguish false positives from real risks.
  • Identify opportunities to automate manual processes using scripting or workflows to improve efficiency.

Required Skills and Experience:
  • Excellent communication and negotiation skills, with the ability to articulate technical risks to both engineering and business audiences.
  • Significant experience in vulnerability management in a fast‑paced business, preferably a technology company.
  • Bachelor's degree in Computer Science or equivalent practical experience.
  • Previously defined policy and deployed tools for managing vulnerabilities in a cloud‑native environment.
  • Experience in assessing technical security vulnerabilities and having difficult conversations with internal and external stakeholders regarding compliance and remediation.
  • Experience in managing external partners for penetration testing, including the ability to challenge findings and drive vendor performance.
  • Sound technical understanding of modern cloud technologies (e.g. AWS, Docker, ECS, Kubernetes) and CI/CD workflows, specifically understanding the lifecycle of container images and virtual machines.
  • Ability to script (e.g. Python, Bash) to automate repetitive tasks and integrate tools.
  • Familiar with security standards such as PCI‑DSS and NIST.

Preferred, but not required:
  • Relevant industry certifications such as CISSP, CISM, CRISC, OSCP.
  • Cyber kill chain, MITRE ATT&CK framework.

Why Deliveroo

Our mission is to transform the way you shop and eat, bringing the neighbourhood to your door by connecting consumers, restaurants, shops and riders. We are transforming the way the world eats and shops by making access to food and products more convenient and enjoyable. We give people the opportunity to buy what they want, as they want it, when and where they want it.

We are a technology‑driven company at the forefront of the most rapidly expanding industry in the world. We are still a small team, making a very large impact, looking to answer some of the most interesting questions out there. We move fast, value autonomy and ownership, and we are always looking for new ideas.

Workplace & Benefits

At Deliveroo we know that people are the heart of the business and we prioritise their welfare. Benefits differ by country, but we offer many benefits in areas including healthcare, well‑being, parental leave, pensions, and generous annual leave allowances, including time off to support a charitable cause of your choice. Benefits are country‑specific; please ask your recruiter for more information.

Diversity

At Deliveroo, we believe a great workplace is one that represents the world we live in and how beautifully diverse it can be. That means we have no judgement when it comes to any one of the things that make you who you are - your gender, race, sexuality, religion or a secret aversion to coriander. All you need is a passion for (most) food and a desire to be part of one of the fastest‑growing businesses in a rapidly growing industry.

We are committed to diversity, equity and inclusion in all aspects of our hiring process. We recognise that some candidates may require adjustments to apply for a position or fairly participate in the interview process. If you require any adjustments, please don't hesitate to let us know. We will make every effort to provide the necessary adjustments to ensure you have an equitable opportunity to succeed.