Exposure Management Validation Lead

Our Threat and Vulnerability Management function within Cyber Operations is dedicated to safeguarding our organisation against cyber threats by proactively identifying, assessing, and mitigating vulnerabilities and exposures. Our mission extends beyond traditional security practices, incorporating cutting-edge approaches as we move from a traditional VM capability into Exposure Management and on our way to Continuous Threat Exposure Management (CTEM). This role will play a critical part in the ongoing transformation of this function.

As our Exposure Management Validation Lead, you will take ownership of validating security exposures across our technology estate, coordinating external penetration testing providers on a call-off basis, and ensuring that testing activity aligns to risk-driven exposure priorities. Acting as the bridge between traditional offensive security and continuous, exposure-led validation, you will help us shift from periodic penetration testing to continuous assurance.

You'll design and execute hands-on validation to confirm true exploitability and business impact across infrastructure, cloud, applications and identity platforms. You will own the operational strategy for exposure validation, defining the scope, approach and continuous improvement of activities. Where external testing is required, you'll coordinate third-party penetration testing providers on a call-off basis. You will prioritise validation efforts using threat intelligence, asset criticality and business risk.

Collaboration is key to this role. You'll work closely with Security Engineering, GRC and SOC teams to ensure validation insights feed into broader exposure-reduction activity. In addition, you will translate technical validation findings into clear, business-focused narratives that support informed-decision making. You'll also evaluate and recommend advanced validation tooling, identify coverage gaps, propose improvements to strengthen the overall exposure management ecosystem and contribute to maturity assessments and roadmap development.

To succeed, you'll bring strong experience in offensive security, penetration testing or red teaming, combined with a familiarity with Exposure Management tooling in the Validation space. This will be supported by certifications such as CISSP or CISM alongside a degree or relevant experience in Computer Science, Information Security or a related field. In addition, you'll need experience working with and the management of third-party security testing suppliers.

If you're excited by transforming security validation into something continuous, intelligence-led and genuinely risk-driven, we'd love to hear from you.