ST Engineering Group
Asst Manager, Threat & Exposure Management (2 Years Contract)

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Key Job Accountabilities
Threat & Exposure Management
- Continuously monitor and assess cyber threats, vulnerabilities, and attack surfaces.
- Aggregate findings from vulnerability scans, threat intelligence, penetration tests, and red teaming.
- Identify critical exposures and prioritise based on business risk and impact.
- Manage takedown services with external providers.
Threat Intelligence Integration
- Leverage internal and external threat intelligence sources.
- Map threats to organisational assets and vulnerabilities.
- Track emerging threats, zero-days, and active campaigns.
Vulnerability Management
- Coordinate vulnerability scanning activities and ensure coverage.
- Validate scan results and eliminate false positives.
- Work with Group IT/International Business Units teams to remediate vulnerabilities.
Attack Surface Management
- Identify and monitor internal and external attack surfaces.
- Discover shadow IT, exposed assets, and misconfigurations.
- Ensure external-facing assets are secured and continuously assessed.
- Use AI-driven agents to safely simulate and validate exploitability of exposures (AEV) in production-like environments.
- Continuously identify and validate attack paths, privilege escalation, and lateral movement risks. Correlate simulation results into actionable risk insights with proven exploitability.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Collaboration & Stakeholder Engagement


Get help with your application
Your very own career expert that helps elevate your application to the next level.
- Work closely with SOC, Incident Response, Group IT, and International Business Units and regional business partners to carry out monitoring of systems for security anomalies and detection of breaches.
- Advise system owners on remediation and risk mitigation strategies.
- Support security governance and audit requirements.
Incident Response Management
- Conduct quarterly Cybersecurity Table-top exercises with line of business.
- Conduct annual Group wide cybersecurity drill.
Required Experience and Qualifications
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related fields.
- 3-5 years of experience as a technical lead in the information security field with a proven track record of execution in ensuring the desired outcomes are tied to business needs.
- Strong experience in IT Operations, developing architectural artifacts including reference architectures, roadmaps, architectural principles, technology standards, security non-functional requirements, architectural decisions, and design patterns.
- Possess strong analytical, problem-solving, and decision-making skills in a fast-paced and dynamic environment.
- Knowledge in Network, Web Security, and Application Security would be highly valued.
- Ability to establish and manage effective working relationships in a matrix environment with other departments, groups, and staff with whom work must be coordinated or interfaced.
- Exhibit excellent interpersonal skills among team members and other stakeholders with strong written and oral communication skills.
- Possession of one or more industry-recognised cybersecurity certifications (e.g., CISSP, CISM, CEH, GIAC) is an added advantage.
- Experience with Agentic Exposure Simulation (AES) / Agentic Exposure Validation (AEV) platforms or similar continuous security validation technologies is highly desirable.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location