Role Overview We are looking for a hands-on Security Controls Validation Engineer with strong experience in vulnerability management, security control assessment, and enterprise security technologies. This role focuses on identifying security gaps across enterprise environments, validating the effectiveness of existing security controls, and working closely with infrastructure, application, and endpoint security teams to drive remediation outcomes. The ideal candidate should have practical exposure to vulnerability management platforms, endpoint security technologies, and security frameworks such as NIST and Essential Eight. The role requires a strong understanding of enterprise security operations and the ability to provide practical, risk-based recommendations. Key Responsibilities Perform vulnerability assessments across servers, endpoints, and infrastructure environments using enterprise security tools and manual validation techniques Analyse security gaps and assess risk exposure across endpoint, infrastructure, and application environments Validate effectiveness of existing security controls and identify gaps where vulnerabilities exist despite security tooling being in place Work closely with Infrastructure, Endpoint Security, Cloud, and Application teams to support remediation and closure of identified security findings Re-test and validate remediation activities to ensure vulnerabilities and control gaps are effectively addressed Provide practical and implementable security recommendations aligned with enterprise operational constraints Support targeted security validation activities to assess effectiveness of endpoint protection and security policies Assist in troubleshooting issues where security controls or endpoint policies impact business applications Support attack simulation and control validation exercises to assess detection and response capabilities Contribute to security assessments aligned with frameworks such as NIST and Essential Eight Assist in validating compliance gaps identified during internal and external security audits Provide clear and actionable reporting for technical teams, leadership stakeholders, and audit requirements Support vulnerability management lifecycle activities including risk prioritisation, remediation tracking, and closure validation Technical Exposure Microsoft Defender for Endpoint (MDE) Rapid7 InsightVM or similar vulnerability management platforms Trellix ePO / Application Control (AWL) Endpoint security technologies and enterprise security tooling Windows and/or Linux server environments Exposure to SIEM platforms such as Splunk is advantageous What We're Looking For Strong experience in vulnerability management and security control validation Good understanding of enterprise security controls, endpoint security, and infrastructure security concepts Experience analysing vulnerability data and prioritising remediation activities based on risk Working knowledge of security frameworks such as NIST and Essential Eight Exposure to enterprise endpoint security and vulnerability management platforms Ability to collaborate effectively with cross-functional technical teams Strong communication, reporting, and stakeholder management skills Self-driven, practical, and outcome-focused approach Nice to Have Experience in large enterprise environments Exposure to cloud security concepts and hybrid infrastructure environments Basic scripting or automation knowledge (PowerShell, Python, or Bash) Exposure to security operations or incident response activities
