Vulnerability Engineer

London

dmg media

dmg media’s brands deliver highly engaging, trusted content to millions of loyal customers around the globe, 24 hours a day, seven days a week.


Location: dmg::media Headquarters – London
Position: Permanent 

 

 

About dmg media

dmg media maintains an unwavering commitment to uncovering the stories that matter most. Its brands Daily Mail, The Mail on Sunday, Metro, The i Paper, MailOnline, and Mail+ reach more than 9 million people daily in the UK.

Globally, dmg media’s brands reach 160 million unique browsers every month across its domains and apps.*

Its global newsroom of journalists, formidable story-getting power, and breadth of content formats deliver highly engaging, trusted content to loyal and new audiences, 24 hours a day, seven days a week.

The Mail brand reaches three in five Brits every month and is officially the best-read, most recognised, most engaged newsbrand in the country. It is the largest news publisher on TikTok with over 28 million total followers and nearly 45 billion views** in the past year.

www.dmgmedia.co.uk

 

*GA Sept 2024

**March 2024 - Feb 2025 inclusive

 

About the Role

We are seeking a Vulnerability Engineer to help build and drive our vulnerability management function. This is a key role for someone with the technical skills, automation mindset, and proactive attitude to take the capability to the next level.

Reporting to the Head of Security Engineering within the Information Security function, the ideal candidate will have strong scripting and automation skills, experience in hybrid environments (on-prem and cloud), and the initiative to design and scale intelligent solutions.

This role is suited to someone who thrives on ownership, brings ideas to life through automation, and collaborates effectively with teams across the business.

 

Main Responsibilities

  • Develop, implement, and maintain an automated and scalable vulnerability management program using Tenable and related tools.
  • Establish and enforce vulnerability management policies, scan configurations, and best practices, aligned to frameworks such as ISO 27001, NIST, and CIS.
  • Integrate vulnerability scanning and remediation into CI/CD pipelines and development workflows to ensure security at speed.
  • Automate data collection, triage, reporting, and ticketing processes using scripting languages such as Python, Bash, PowerShell, or Go.
  • Collaborate with IT, DevOps, and engineering teams to remediate identified vulnerabilities quickly and effectively.
  • Scope and coordinate penetration testing activities; track remediation and risk acceptance outcomes.
  • Monitor, measure, and report on vulnerability management performance, including KPIs, SLAs, and risk metrics.
  • Develop and document information security processes and policies related to vulnerability detection, triage, remediation, and escalation.
  • Coordinate and lead regular remediation meetings with engineering, DevOps, and infrastructure teams to track progress and unblock issues.
  • Present findings, risk summaries, and progress reports to the security steering committee, ensuring business alignment and visibility.
  • Stay current with emerging cyber threats, vulnerabilities, tools, and mitigation techniques, and evolve the VM function accordingly.
  • Provide guidance and training to internal teams on secure development and remediation practices.

 

 Person Specification

 Essential

  • Proven experience in vulnerability management across hybrid (on-prem and cloud) infrastructure.
  • Hands-on experience with Tenable and integration of VM tools into CI/CD pipelines.
  • Strong scripting skills using languages such as Python, Bash, PowerShell, or Go.
  • Familiarity with APIs, automation workflows, and integrating with platforms like Jira, ServiceNow, or Slack.
  • Ability to scope penetration tests and manage findings through to remediation.
  • Strong understanding of security frameworks and standards such as ISO 27001, NIST, and CIS.
  • Excellent communication, presentation, and influencing skills, with the ability to explain complex technical issues to non-technical stakeholders.
  • Analytical and solution-oriented mindset with the ability to drive improvements independently and as part of a team.
  • Proven collaboration and stakeholder engagement skills.

 

 Preferred Qualifications and Experience

  • Ability to demonstrate working with a medium to large technology enterprise.
  • Experience in building and managing a vulnerability management function.
  • Familiarity with the media industry and its unique security challenges.
  • Advanced knowledge of security tools and technologies.
  • Strong analytical and problem-solving skills, and the ability to interpret data and metrics related to cyber risk.
  • Awareness of current and emerging cyber threats and trends affecting third parties and organisations.
  • Experience with Wiz.io or Snyk.io platforms for cloud and application security.

 

Why Join Us: At dmg media, you will have the opportunity to work with some of the best talent in the industry and contribute to the security of our innovative digital platforms. We offer a collaborative and supportive work environment, competitive compensation, and opportunities for professional growth.

 

Package Description

Our benefits package increases the longer you’ve been with us. Here’s what to expect:

  • 25 days’ holiday (increasing by 1 per year up to a total of 30)
  • Upon joining you will be automatically enrolled onto the Pension Plan at the minimum level of 5% employee contribution, 3% Company contribution.
  • Life cover under the Pension Plan 4x your basic salary.
  • DMGT Discounts (for discounts on online shopping, vouchers and reloadable cards)
  • Subsidised canteen
  • Onsite gym
  • Onsite nurse and GP clinics
  • Our Employee Assistance Programme
  • Discounted dining cards

Plus many other benefits…

 

Our Commitment

We are committed to increasing diversity and maintaining an inclusive workplace culture. We welcome applications from all qualified candidates regardless of their ethnicity, race, gender, religious beliefs, sexual orientation, age, marital status, or disability.

 

We are Disability Confident Committed. Please let us know if you require any recruitment documentation in other formats or if you require reasonable adjustments to be made during the recruitment process. Please be assured that any such information will be held separately to your recruitment application and will not be considered as part of the selection process.

 

 

 

 

 

 
