Title:  Senior Specialist Vulnerability Management

Job Summary:

This role is an excellent opportunity in the IT Security Operations Center, Vulnerability Management. Ideally, someone who has strong IT security and vulnerability management skills as core competency. The purpose of a VM team is to detect, analyse and support the gaps mitigation process on infrastructural and application vulnerabilities.

Job Description:            

• Lead and support the vulnerability detection and mitigation best practice and institute the threat management program to cybersecurity practices and leads/support its maturity.
• Perform regular network, system and application vulnerability scanning to detect and support vulnerabilities mitigation.
• Lead the incident response triage, proactive analysis and identification of suspicious cybersecurity related behaviour in the network, systems and/or application.
• Analyses vulnerability scanning results and support the SOC operation with IOC/IOA based on scan analysis, security alerts and threat trending.
• Provide analysis of cybersecurity system trends and thresholds that associated to suspicious behaviour.
• Optimizes threat detection products for data loss prevention (DLP), security information and event management (SIEM), endpoint detection and response (EDR), antivirus, and other industry-standard security technologies.
• Detect, analyse, and configure complex solutions to information technology cybersecurity threats that relate to confidentiality, integrity, and availability of data and systems.
• Provide regular updates to the functional superior on security assessment reports with detailed security issues and recommending solutions.
• Regular tracking and drive the vulnerability management program to ensure timely closure of vulnerabilities detected.
• Actively investigate the latest in security vulnerabilities, advisories, incidents, and penetration techniques and notify stakeholders when appropriate.
• Keep abreast of latest security and privacy legislation, regulations, adversaries, alerts, and vulnerabilities.
• Execute IT security projects in collaboration with IT Security practice.

Job Requirement:

• Minimum 6 years of IT experience with at least 3 years’ experience in similar role.
• Experience and knowledge related to the configuration and maintenance of security monitoring and reporting platforms.
• Hands-on experience with various security technologies such as antivirus software, firewalls, Kali Linux, Metasploit, Tenable, Qualys, etc;
• Ability to correlate data from multiple data sources to create a more accurate picture of cyberthreats and vulnerabilities.
• Ability to quickly assess complex situations and take appropriate action, such as during security incidents.
• Familiarity with OWASP Top 10 and their remediation.
• Familiarity with SAST, DAST and other security testing methodology
• Good understanding of Web application security mechanisms (cookie security, security headers etc)
• Excellent written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and non-technical stakeholders.
• Strong ability to work independently and cooperate with diverse teams in multiple stakeholders

Education

Bachelor’s degree in computing/Information Technology or equivalent.