Lead and mature the organisation's endpoint security and vulnerability management capabilities to reduce cyber risk across endpoints, servers, cloud workloads, and remote devices. Build and run high-performing operations and engineering teams that detect, prevent, and remediate endpoint threats and vulnerabilities, ensure timely patching and configuration hygiene, and drive measurable improvement in vulnerability posture and incident response outcomes.
Key responsibilities
Strategy & governance
- Define and continuously improve the endpoint security and vulnerability management strategy, aligned to enterprise risk priorities, regulatory requirements, and business objectives.
- Establish governance, policies, standards, and operating procedures for endpoint protection, EDR/XDR, patch management, configuration baselines, vulnerability scanning, and false-positive tuning.
- Maintain metrics, dashboards, and reporting to executive stakeholders that demonstrate programme performance, risk reduction, and trends.
Operations & programme delivery
- Lead day-to-day operations for endpoint security platforms (EDR/XDR, AV/NGAV, application control, device control) and vulnerability management platforms (network/agent/credentialed scanners, cloud scanners, SCA - software composition analysis).
- Oversee vulnerability discovery, triage, risk scoring, prioritisation, remediation tracking, and validation workflows for assets across on-prem, cloud, and remote environments.
- Drive patch management processes across OS, third‑party applications, and firmware - including scheduling, testing, exception management, and emergency patching.
- Ensure integration between security tools (SIEM/XDR, SOAR, CMDB/asset inventory, ITSM) to automate detection-to-remediation playbooks and reduce manual toil.
- Manage incident support for endpoint-related security incidents and coordinate containment, eradication, and recovery activities with NOC, IT Ops, Cloud Ops, and Incident Response teams.
Team leadership & capability building
- Build, coach and mentor a cross-functional team of cybersecurity engineers, analysts, and vulnerability analysts; define roles and career progression.
- Establish 24/7 coverage or an on-call rota as appropriate; create runbooks, playbooks, and metrics for operational effectiveness.
- Promote cross-team collaboration with IT, DevOps, Cloud, Engineering, and business units to embed secure-by-design and timely remediation behaviours.
Risk management & compliance
- Partner with Risk, Audit, and Compliance functions to ensure endpoint and vulnerability programmes meet internal control objectives and regulatory requirements (e.g., data protection, critical infrastructure rules).
- Lead root-cause analysis for recurring vulnerabilities or incidents and implement corrective measures to prevent recurrence.
- Support third-party security reviews and vendor risk assessments for endpoint and scanning tools.
Tooling & architecture
- Own the technical roadmap for EDR/XDR, vulnerability scanning, patch orchestration, device control, mobile device management (MDM) and related tooling; manage vendor relationships and the procurement lifecycle.
- Define and validate secure configurations and detection content; drive engineering work to reduce alert volumes and improve detection fidelity.
- Evaluate and implement automation and orchestration (SOAR, MDM integration, patch automation) to reduce MTTR and improve remediation rates.
Stakeholder management & communication
- Communicate programme status, key risks, and remediation plans to senior leadership and business stakeholders.
- Advocate for resources and investments by presenting cost/benefit, risk reduction metrics, and scenario analysis.
- Run periodic briefings and tabletop exercises to validate readiness for endpoint-focused incidents (e.g., ransomware, supply-chain exploitation).
Required skills and experience
- Bachelor's degree in Computer Science, Information Security, Engineering, or a related field, or equivalent practical experience.
- 12+ years of hands-on cybersecurity experience with at least 3-5 years in a people management or senior technical leadership role.
- Deep technical experience with endpoint detection & response (EDR/XDR), next-gen AV, application allowlisting, device control, MDM, and host-based hardening.
- Proven experience managing vulnerability management programmes at scale, including vulnerability scanning (agent and agentless), SCA, remediation orchestration, and CVE lifecycle management.
- Strong knowledge of operating systems (Windows, macOS, Linux), container and cloud-native workloads, enterprise patching strategies, and common endpoint attack techniques (malware, living-off-the-land, credential theft).
- Practical experience integrating endpoint and vulnerability tools with SIEM/XDR, SOAR, ITSM/CMDB, and orchestration platforms.
- Solid understanding of risk frameworks and security controls (e.g., NIST CSF, CIS Controls, MITRE ATT&CK) and ability to map controls to technical implementations.
- Excellent leadership, stakeholder management, and communication skills; ability to explain technical risk to non-technical executives.
- Strong analytical, troubleshooting, and incident handling skills; capability to lead post-incident reviews and drive remediation.