Security Incident, Threat & Vulnerability Manager - Compliance & Assurance - Counter Terrorism Policing HQ
Job Title: Security Incident, Threat & Vulnerability Manager - Compliance & Assurance - Counter Terrorism Policing HQ
Salary: The starting salary is £60,893, which includes allowances totalling £2,928.
The salary is broken down as £57,965 basic salary, which will increase annually until you reach the top of the scale, £63,230, plus a location allowance of £1,928 and a non-pensionable allowance of £1,000.
Location: West Brompton
Job Summary
The Security Incident, Threat & Vulnerability Manager is responsible for:
- Overseeing the response and resolution of security incidents within Counter Terrorism Policing (CTP).
- Identifying, assessing, and mitigating security vulnerabilities across CTP's IT infrastructure, applications and environments.
- Identifying, analysing and mitigating security threats that could impact CTP's IT infrastructure, applications and data.
This role requires a strong background in security operations, incident response, and threat and vulnerability management as it involves:
- Managing security incidents and coordinating teams to ensure rapid incident handling and improving security protocols to prevent future breaches.
- Managing vulnerability assessment programs, coordinating patch management efforts, and working with various teams to remediate security risks effectively.
- Leading threat intelligence efforts, threat hunting, and proactive security monitoring to stay ahead of threat actors' tactics.
This role works closely with IT, security, legal, incident responders and senior leadership to minimise the impact of security breaches and continuously improve and strengthen CTP's security posture.
Key Tasks
The post holder will be required to do the following:
- Lead and coordinate the response to security incidents, ensuring timely detection, investigation, and resolution.
- Develop, implement, and maintain the Incident Response Plan (IRP) to address security breaches and threats effectively.
- Act as the primary point of contact during security incidents, ensuring clear communication between relevant teams, external stakeholders and senior leadership.
- Conduct forensic analysis, root cause analysis, and post-incident reviews to identify vulnerabilities and prevent recurrence.
- Escalate critical incidents to the appropriate stakeholders, including regulatory bodies, when necessary.
- Identify patterns, indicators of compromise (IoCs), and emerging threats to proactively mitigate risks.
- Collaborate with threat intelligence teams to stay ahead of cyber threats, vulnerabilities, and attack vectors.
- Establish and refine incident response processes, playbooks, and standard operating procedures (SOPs) for security events.
- Conduct tabletop exercises, simulations, and red team/blue team exercises to test and improve response capabilities.
- Evaluate incident response tools, automation, and emerging technologies to enhance security operations.
- Prepare and present post-incident reports, including key metrics, lessons learned, and remediation plans to senior management.
- Work closely with IT, DevOps, security and compliance teams to implement security controls and reduce attack surfaces.
- Provide guidance and training to security teams on incident response best practices.
- Develop, implement, and maintain the vulnerability management lifecycle, including discovery, assessment, prioritisation, and remediation.
- Establish policies and procedures for identifying, tracking, and mitigating vulnerabilities.
- Collaborate with IT and DevOps teams to integrate vulnerability management into CI/CD pipelines.
- Conduct regular vulnerability scans across networks, servers, applications, databases, and services using vulnerability assessment tools.
- Analyse vulnerability reports and correlate findings with threat intelligence to determine real-world risk exposure.
- Stay up to date with the latest zero-day vulnerabilities, CVEs, exploits, and security advisories to assess potential threats.
- Work with penetration testing teams to validate and remediate critical vulnerabilities.
- Partner with IT, DevOps, and security teams to ensure timely patch management and configuration hardening.
- Develop automated solutions to streamline vulnerability remediation processes.
- Track vulnerability remediation progress and escalate unresolved security risks to senior leadership.
- Implement compensating controls where immediate remediation is not feasible.
- Support audits and security assessments by providing reports and evidence of vulnerability management activities.
- Develop and maintain vulnerability management policies, procedures, and reports.
- Provide executive reports on vulnerability trends, risk levels, and remediation progress to stakeholders.
- Act as a subject matter expert (SME) in vulnerability management for security teams, developers, and system administrators.
- Develop and lead a threat intelligence program to monitor and analyse cyber threats, attack patterns, and emerging vulnerabilities.
- Gather intelligence from open-source (OSINT), commercial feeds, dark web monitoring, and industry threat-sharing platforms.
- Analyse tactics, techniques, and procedures (TTPs) used by Advanced Persistent Threats (APTs), ransomware groups, and cybercriminals.
- Work with Security Operations Centre (SOC) teams to improve detection of Indicators of Compromise (IoCs) and Indicators of Attack (IoAs).
- Provide executive reports on threat trends, risk assessments, and security recommendations.
- Develop and implement threat intelligence playbooks and standard operating procedures (SOPs).
Vetting
This post requires access to the most sensitive intelligence material on a daily basis. Applicants must hold or be prepared to undergo National Security Vetting (NSV) at Developed Vetting (DV) level before taking up the post.
This post requires British nationality (some dual nationals may be ineligible) and an Enhanced Security Check (eSC)/Developed Vetting (DV) clearance.
As the post holder will have access to very sensitive information, there are limitations on travelling to a small number of countries and we will undertake additional security checks as part of the recruitment process. Applications from candidates with close connections to certain countries may take considerably longer to process, or in some cases result in a withdrawal of an offer of employment. Further details will be provided at the conditional offer stage.
Confidentiality Agreement
Applicants should also be aware of the need to sign a confidentiality agreement on taking up the post.
Our Employee Commitments
Counter Terrorism Policing aims to create an inclusive and welcoming atmosphere and culture and an environment where all our people feel a strong sense of belonging and are able to reach their full potential, and where any group or individual can be and feel respected, supported and valued to fully participate and contribute to our mission of “Working to keep people safe from Terrorism”.
Inclusion, diversity and equality are at the front and centre of our approach to make the composition of Counter Terrorism Policing more representative of the communities we serve. As Counter Terrorism is rooted in Local Policing, to tackle today’s complex policing challenges, applications from across all communities are therefore essential and encouraged. Counter Terrorism Policing as a network is committed to ensuring that disabled people and those with long-term health conditions have the opportunities to fulfil their potential and realise their aspirations.
Counter Terrorism Policing is committed to creating an inclusive working environment. We welcome and encourage applications from candidates who are seeking flexible working arrangements, including part time working or job share. In addition, this role has been reviewed following learning from work during the Covid pandemic and may be done in an agile manner. In the first instance, please contact the vacancy holder to discuss how such arrangements could be accommodated (where applicable).
How to apply
Click the apply now button below and start your career at the Met. Applications will be via an online application form.
Completed applications must be submitted by 23:55 on 6th April 2025.
Once received, your application will be reviewed against eligibility criteria. Following this, your application will be reviewed by the hiring manager. The application review for this vacancy will commence 2 weeks from the closing date.