
Senior Vulnerability Management Specialist

Job in Greater London, London, Greater London, EC1A, England, UK
Listing for: Deliveroo
Full Time position
Listed on 2026-01-14
Job specializations:
  • IT/Tech
    Cybersecurity
Job Description & How to Apply Below
Location: Greater London

This job is brought to you by Jobs/Redefined, the UK's leading over‑50s age inclusive jobs board.

About us:

At Deliveroo, it is our mission to build the definitive food company. In order to do that, we're building a company that is secure and protects the data and money of our customers, employees and investors.

The Role:

We are looking for an experienced and outcome‑driven Senior Vulnerability Management Specialist with excellent stakeholder management skills to join our fast‑growing Security function. In this role you'll be primarily responsible for embedding and operating Deliveroo's policy for managing security vulnerabilities. You will run vulnerability management governance and work directly with external partners and technology leaders across the business to create pragmatic solutions proportional to identified security risks.

This role presents a great opportunity to have an outsized impact on the trajectory of a business that is growing at a breakneck pace. You'll directly impact how Deliveroo identifies and remediates vulnerabilities across its systems. As we continue to increase our security maturity, your role in driving sound vulnerability management across the company will play a major part in our story.

What you’ll be doing:
  • Operate, embed and manage a scalable vulnerability management policy, enforcing clear prioritisation thresholds and taking into account business context, relevant industry standards, regulatory requirements and stakeholder expectations.
  • Run vulnerability management governance processes and reporting to provide relevant committees and stakeholders with clear visibility of risk.
  • Enable system owners to manage their vulnerabilities within defined thresholds by providing them with clear visibility of relevant vulnerabilities and remediation expectations.
  • Negotiate with engineering teams to get buy‑in for remediation, translating security risks into technical reality to help prioritise fixes and manage technical debt.
  • Closely collaborate with other teams in the security function to roll out a consistent approach to vulnerability management.
  • Manage external partners to deliver penetration tests and red‑team exercises; this includes driving value through vendor selection, challenging scopes/findings, and ensuring quality delivery.
  • Analyse and validate vulnerabilities across various compute resources (Containers, VMs, Serverless) to distinguish false positives from real risks.
  • Identify opportunities to automate manual processes using scripting or workflows to improve efficiency.
Required Skills and Experience:
  • Excellent communication and negotiation skills, with the ability to articulate technical risks to both engineering and business audiences.
  • Significant experience in vulnerability management in a fast‑paced business, preferably a technology company.
  • Bachelor's degree in Computer Science or equivalent practical experience.
  • Previously defined policy and deployed tools for managing vulnerabilities in a cloud‑native environment.
  • Experience in assessing technical security vulnerabilities and having difficult conversations with internal and external stakeholders regarding compliance and remediation.
  • Experience in managing external partners for penetration testing, including the ability to challenge findings and drive vendor performance.
  • Sound technical understanding of modern cloud technologies (e.g. AWS, Docker, ECS, Kubernetes) and CI/CD workflows, specifically understanding the lifecycle of container images and virtual machines.
  • Ability to script (e.g. Python, Bash) to automate repetitive tasks and integrate tools.
  • Familiar with security standards such as PCI‑DSS and NIST.
Preferred, but not required:
  • Relevant industry certifications such as CISSP, CISM, CRISC, OSCP.
  • Knowledge of the cyber kill chain and the MITRE ATT&CK framework.
Why Deliveroo

Our mission is to transform the way you shop and eat, bringing the neighbourhood to your door by connecting consumers, restaurants, shops and riders. We are transforming the way the world eats and shops by making access to food and products more convenient and enjoyable. We give people the opportunity to buy what they want, as they want it, when and where they want it.

We…

Position Requirements
10+ Years work experience