Vulnerability Management & Patching Specialist (Remote, EU, Africa, Americas)

Macquarie Park, New South Wales 2113, Australia • Full-time

Description

Role Summary

The Vulnerability Management & Patching Specialist is responsible for delivering vulnerability identification, risk‑based prioritisation, remediation coordination, and patch compliance across multiple customer environments in a managed services model.

The role operates within clearly defined service scopes and shared‑responsibility agreements, using tools such as Tenable and patch management platforms (e.g. ManageEngine Patch Manager Plus or equivalent) to reduce customer risk while meeting contractual SLAs, regulatory obligations, and operational stability requirements.

Core Responsibilities

Vulnerability Management

  • Perform scheduled and ad‑hoc vulnerability scans across customer environments using Tenable or equivalent platforms, in line with contracted service scope
  • Analyse scan results to:
    • Validate findings and eliminate false positives
    • Assess risk based on severity, exploitability, and asset criticality
    • Determine remediation ownership under the shared‑responsibility model
  • Prioritise vulnerabilities according to customer SLAs, regulatory requirements, and threat exposure
  • Track vulnerabilities through their lifecycle, from detection to remediation, mitigation, exception, or risk acceptance
  • Support SOC escalation workflows for critical or actively exploited vulnerabilities

Patch Management

  • Plan, coordinate, and execute patching activities where patching is included in the managed service scope
  • Use ManageEngine Patch Manager Plus or equivalent tools to:
    • Automate patch deployment
    • Schedule maintenance windows
    • Enforce approval workflows
    • Monitor patch success and compliance
  • Support emergency and zero‑day patching in response to high‑risk vulnerabilities
  • Ensure patching activities minimise customer impact through testing, staged rollouts, and rollback planning
  • Maintain patch baselines across servers, endpoints, and supported applications, aligned to customer contracts

Service Delivery, Governance & Reporting

  • Produce customer‑facing vulnerability and patch reports, including:
    • Outstanding vulnerabilities by risk level
    • Patch compliance status
    • SLA performance and remediation trends
  • Provide clear remediation guidance to customers where patching responsibility remains client‑owned
  • Maintain accurate documentation of:
    • Patch schedules and deployment outcomes
    • Vulnerability exceptions and compensating controls
    • Risk acceptances and approvals
  • Support customer audits, cyber‑insurance, and regulatory evidence requests

Required Skills & Experience

  • 3–5 years’ experience in vulnerability management, patch management, SOC, or MSSP operations
  • Hands‑on experience with vulnerability management tools, such as:
    • Tenable Vulnerability Management / Tenable Security Center
    • Qualys or equivalent (transferable skills accepted)
  • Experience with patch management platforms, such as:
    • ManageEngine Patch Manager Plus
    • SCCM, WSUS, BigFix, Tanium, or similar
  • Strong understanding of:
    • CVEs, CVSS, exploitability, and risk‑based remediation
    • Windows and Linux patching models
    • Third‑party application patching
  • Experience working in multi‑tenant, SLA‑driven environments
  • Familiarity with ITIL processes, particularly Change, Incident, and Problem Management

  • Relevant certifications (preferred but not mandatory):
    • Tenable certifications
    • Security+ or equivalent
    • ITIL Foundation

Personal Attributes

  • Strong organisational skills to manage multiple customers concurrently
  • Ability to clearly communicate risk, remediation status, and ownership boundaries to customers
  • Comfortable operating in high‑pressure, incident‑driven scenarios
  • Detail‑oriented with a strong focus on evidence, reporting accuracy, and audit readiness
  • Proactive mindset focused on continuous service improvement

Role Type

Anywhere • Permanent • Full-time • Mid-level Senior

Pay Rate

15 USD – 25 USD (Hour)