Go back
Northumbria Healthcare NHS Foundation Trust

Vulnerability Management Engineer

The closing date is 01 September 2025

Apply for this job

Job summary

Northumbria Healthcare is making a significant investment in new technology to transform how we deliver care. The multi-million pound programme is both challenging in the expectation of delivery as well as ensuring that our services are secure, robust and resilient at all times. An opportunity has arisen for a Vulnerability Management Engineer to join the Digital Services Team at Northumbria Healthcare NHS Foundation Trust.

Working as part of the Information Security Team, you will be responsible for reducing risk to Northumbria's IT systems and data. The post will be based at the Manufacturing and Innovation Hub premises in Seaton Delaval and you will be coordinating mitigation and resolution activities with technical staff, system stakeholders and third parties across Trust sites such as North Tyneside General Hospital, Hexham General Hospital and the Northumbria Specialist Emergency Care Hospital in Cramlington.

Please note we reserve the right to close this vacancy prior to the closing date once the required number of suitable applications have been received.

Main duties of the job

The Vulnerability Management Engineer role involves utilising the Trust's security toolset to facilitate the reduction of risk to Northumbria's IT systems and data. You will evaluate the practical criticality of vulnerabilities discovered by tooling, penetration tests, CareCERTS, audits, spot checks and assessments. You will lead and coordinate the required mitigation and resolution activities between Trust technical staff, system stakeholders, third parties, and any other parties required, to reduce the risk from all vulnerabilities by means such as patching, upgrades, reconfiguration, containment/isolation, etc.

You must be able to take a pragmatic view of risk and apply a wide knowledge of IT subjects to deliver solutions which balance risk reduction against service disruption. The role will also manage the Digital Services vulnerability register, arrange Penetration Testing and IT health checks, and take a key role in the Trust's cyber compliance activities and accreditations.

Experience of leading group work to resolve issues is essential alongside excellent communication skills as you will be regularly liaising with clinical and business services, service delivery teams and 3rd party suppliers. You will be responsible for generating regular vulnerability reports for senior management and will be required present and discuss these. You will have recent and comprehensive experience of working in large-scale, corporate, connected and distributed IT environments.

About us

We manage three major locality hospitals at North Tyneside, Wansbeck and Hexham, plus a number of smaller community hospitals and clinics from Tynemouth to Berwick on Tweed, covering one of the largest geographical areas of any NHS trust in the country. Leading in innovation and quality - opening a state of the art Northumbria Specialist Emergency Care Hospital, the first of its kind in England. Do you want to work in one of the best performing NHS organisations in England? Work in an organisation that supports its staff and focuses on staff experience as much as it does the experience of its patients? You can live and breathe in an area that has the cleanest air, cost effective living, great nightlife, some of the best schools with a wealth of history available on your doorstep. Sound too good to be true? Well it isn't, this is what you get when you work for Northumbria Healthcare, this is the Northumbria Way! Please read 'applicant guidance notes' before submitting your application.

Details

Date posted

22 August 2025

Pay scheme

Agenda for change

Band

Band 7

Salary

£47,810 to £54,710 a year per annum

Contract

Permanent

Working pattern

Full-time, Flexible working

Reference number

319-7370605JN

Job locations

Northumbria Healthcare Manufacturing and Innovation Hub

Avenue Rd, Seaton Delaval

Whitley Bay

NE25 0QJ


Job description

Job responsibilities

  • Provide leadership and co-ordination for vulnerability management projects

  • Ownership of compliance submissions including Data Security and Protection Toolkit, and DCB 1596 NHS Secure Mail Accreditation

  • Develop viable options for the Trust response to vulnerabilities.

  • Perform recurring and on-demand scanning of Trust systems and cloud environments.

  • Review the Trusts security toolset to identity vulnerabilities in hardware, software, operating systems, web services, and other Trust information systems.

  • Classify and communicate the risk of identified vulnerabilities and recommend security controls to mitigate them

  • Maintain documentation regarding threat management, including policies and procedures

  • Assist technology teams to develop, implement, and automate security solutions

  • Improve and automate existing vulnerability management systems

  • Research and assess emerging security threats and vulnerabilities

  • Manage the penetration testing of Trust systems for compliance and assurance.

  • Manage the Trusts vulnerabilities register and escalate to risk register as appropriate.

  • Work with Digital Services teams to implement approved standard builds across all managed assets and manage the ongoing configuration and release management processes.

Job description

Job responsibilities

  • Provide leadership and co-ordination for vulnerability management projects

  • Ownership of compliance submissions including Data Security and Protection Toolkit, and DCB 1596 NHS Secure Mail Accreditation

  • Develop viable options for the Trust response to vulnerabilities.

  • Perform recurring and on-demand scanning of Trust systems and cloud environments.

  • Review the Trusts security toolset to identity vulnerabilities in hardware, software, operating systems, web services, and other Trust information systems.

  • Classify and communicate the risk of identified vulnerabilities and recommend security controls to mitigate them

  • Maintain documentation regarding threat management, including policies and procedures

  • Assist technology teams to develop, implement, and automate security solutions

  • Improve and automate existing vulnerability management systems

  • Research and assess emerging security threats and vulnerabilities

  • Manage the penetration testing of Trust systems for compliance and assurance.

  • Manage the Trusts vulnerabilities register and escalate to risk register as appropriate.

  • Work with Digital Services teams to implement approved standard builds across all managed assets and manage the ongoing configuration and release management processes.

Person Specification

Qualifications

Essential

  • Degree, or equivalent, in Computer Networks, Computer Forensics, Engineering or related subject (modules in Cyber Security would be advantageous) plus specialist Its security knowledge and expertise in large-scale IM&T procedures and techniques.
  • Current Cyber Security Qualification or evidence of attendance on a range of Cyber Security Training courses is essential.

Experience

Essential

  • Experience in vulnerability management or compliance monitoring
  • Experience leading in a cybersecurity environment
  • Experience in technical project management
  • Experience in vulnerability scanning, penetration testing, network admission control, and/or SIEM
  • Experience in design and implementation of security technologies
  • Experience with IT controls monitoring for regulatory and compliance requirements

Desirable

  • Knowledge of or experience in coaching and mentoring practices and tools
  • Knowledge of or experience in Quality improvement tools, techniques and methods
Person Specification

Qualifications

Essential

  • Degree, or equivalent, in Computer Networks, Computer Forensics, Engineering or related subject (modules in Cyber Security would be advantageous) plus specialist Its security knowledge and expertise in large-scale IM&T procedures and techniques.
  • Current Cyber Security Qualification or evidence of attendance on a range of Cyber Security Training courses is essential.

Experience

Essential

  • Experience in vulnerability management or compliance monitoring
  • Experience leading in a cybersecurity environment
  • Experience in technical project management
  • Experience in vulnerability scanning, penetration testing, network admission control, and/or SIEM
  • Experience in design and implementation of security technologies
  • Experience with IT controls monitoring for regulatory and compliance requirements

Desirable

  • Knowledge of or experience in coaching and mentoring practices and tools
  • Knowledge of or experience in Quality improvement tools, techniques and methods

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Additional information

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Employer details

Employer name

Northumbria Healthcare NHS Foundation Trust

Address

Northumbria Healthcare Manufacturing and Innovation Hub

Avenue Rd, Seaton Delaval

Whitley Bay

NE25 0QJ


Employer's website

https://www.northumbria.nhs.uk/ (Opens in a new tab)

Employer details

Employer name

Northumbria Healthcare NHS Foundation Trust

Address

Northumbria Healthcare Manufacturing and Innovation Hub

Avenue Rd, Seaton Delaval

Whitley Bay

NE25 0QJ


Employer's website

https://www.northumbria.nhs.uk/ (Opens in a new tab)

Employer contact details

For questions about the job, contact:

Technical Information Security Engineer

Graham Reynolds

graham.reynolds@northumbria-healthcare.nhs.uk

Details

Date posted

22 August 2025

Pay scheme

Agenda for change

Band

Band 7

Salary

£47,810 to £54,710 a year per annum

Contract

Permanent

Working pattern

Full-time, Flexible working

Reference number

319-7370605JN

Job locations

Northumbria Healthcare Manufacturing and Innovation Hub

Avenue Rd, Seaton Delaval

Whitley Bay

NE25 0QJ


Supporting documents

Privacy notice

Northumbria Healthcare NHS Foundation Trust's privacy notice (opens in a new tab)