Vulnerability Management Analyst

Key Responsibilities

• Perform vulnerability scanning, discovery, remediation tracking, SLA monitoring, and verification of vulnerability fixes.
• Review and communicate vulnerability assessment findings to affected teams, and follow up on queries and remediation actions.
• Manage and coordinate external vendors performing vulnerability assessments and penetration tests, including support for tooling, product issues, and related queries from internal teams.
• Maintain and amend the VA scan scripts when necessary to reduce the false positives.
• Generate Dashboard and share the VA scan results with Department HOD and team manager on issues and concerns in the weekly team meeting.
• On monthly basis, perform reconciliation on any agents that are not reporting and any new servers.
• Compliance and hardening checks on organization assets, including cloud to ensuring alignment with CIS or other applicable standards.
• Prepare VA statistics and reports in the quarterly management meetings.
• Support the compliant standards and SOP to conduct VA scan to cover MS Azure Cloud and Google cloud tenant.
• Perform risk assessment on vulnerability and penetration test findings, and recommend remediation or compensating controls where direct remediation is not feasible.
• Review vendor penetration testing scope, methodology, and findings to assess technical accuracy, exploitability, business impact, and remediation priority.
• Experienced in Bug Bounty Program, validating severity and business impact, tracking remediation closure, managing researcher communications and support maintenance of scope, outcomes reporting.
• Undertake other projects and tasks that may be assigned by management.

Qualifications / Requirements

• Bachelor's Degree with more than 3 years of experience in Cyber Security or information security. Experienced in vulnerability management, vulnerability assessment, infrastructure security, or similar information security roles. Open to consider candidates with at least 2 years of relevant experience.
• Relevant industry certifications such as CISSP, OSCP, CREST CPSA CRT, SANS certifications preferred.

Competencies

• Hands-on experience on vulnerability assessment tools with Tenable Vulnerability Management / Tenable One / Nessus is a must.
• Good understanding of vulnerability management standards, remediation SLAs, and the ability to follow up with stakeholders to drive timely closure of findings.
• Working knowledge of vulnerability scoring and prioritisation models such as CVSS, Tenable VPR, and EPSS.