Vulnerability Analyst

Salary: up to SGD 6200 (depending on overall skills and experience)

1 yr renewable contract

Key Responsibilities

* Perform vulnerability scanning, discovery, remediation tracking, SLA monitoring, and verification of vulnerability fixes.

* Review and communicate vulnerability assessment findings to affected teams, and follow up on queries and remediation actions.

* Manage and coordinate external vendors performing vulnerability assessments and penetration tests, including support for tooling, product issues, and related queries from internal teams.

* Maintain and amend the VA scan scripts when necessary to reduce the false positives.

* Generate Dashboard and share the VA scan results with Department HOD and team manager on issues and concerns in the weekly team meeting.

* On monthly basis, perform reconciliation on any agents that are not reporting and any new servers.

* Compliance and hardening checks on organisation assets, including cloud to ensuring alignment with CIS or other applicable standards.

* Prepare VA statistics and reports in the quarterly management meetings.

* Support the compliant standards and SOP to conduct VA scan to cover MS Azure Cloud and Google cloud tenant

* Perform risk assessment on vulnerability and penetration test findings, and recommend remediation or compensating controls where direct remediation is not feasible.

* Review vendor penetration testing scope, methodology, and findings to assess technical accuracy, exploitability, business impact, and remediation priority.

* Experienced in Bug Bounty Program, validating severity and business impact, tracking remediation closure, managing researcher communications and support maintenance of scope, outcomes reporting

* Undertake other projects and tasks that may be assigned by management.

Qualifications / Requirements

* Bachelor's Degree with more than 3 years of experience in Cyber Security or information security. Experienced in vulnerability management, vulnerability assessment, infrastructure security, or similar information security roles.

* Relevant industry certifications such as CISSP, OSCP, CREST CPSA CRT, SANS certifications preferred.

Competencies

* Hands-on experience on vulnerability assessment tools with Tenable Vulnerability Management / Tenable One / Nessus is a must.

* Good understanding of vulnerability management standards, remediation SLAs, and the ability to follow up with stakeholders to drive timely closure of findings.

* Working knowledge of vulnerability scoring and prioritisation models such as CVSS, Tenable VPR, and EPSS.

* Experienced in conducting technical risk assessments, including assessment of preventive and detective controls.

* Working knowledge of vulnerability management procedures, remediation tracking, and service level agreement monitoring.

* Strong understanding of penetration testing methodologies and Web/API application security, Mobile and AI/LLM. OWASP top 10

* Understanding of CIS security hardening standards and baseline controls for servers, operating systems, databases, and for cloud environments such as AWS, Azure.

* Able to engage stakeholders effectively, follow up on remediation actions, and drive closure of vulnerabilities within required timelines.

Best regards,

Kshama Warange

EA License Number: 23C2060 | EA Registration ID: R26161060

Quess Selection & Services, Singapore

Disclaimer:The company is committed to ensuring the privacy and security of your information. By submitting this form, you consent to the collection, processing, and retention of the information you provide. The data collected (which may include your contact details, educational background, work experience and skills) will be used solely for the purpose of evaluating your qualifications for the position you're applying for. Your data will be stored securely and retained for the duration necessary to fulfill our hiring process. If you are not selected for the position, your data will be kept on file for a limited period in case future opportunities arise. You have the right to access, correct, or delete your data at any time by contacting us at Quess Singapore | A Leading Staffing Services Provider in Singapore (quesscorp.sg)

This is in partnership with the Employment and Employability Institute Pte Ltd (e2i).

e2i is the empowering network for workers and employers seeking employment and employability solutions. e2i serves as a bridge between workers and employers, connecting with workers to offer job security through job-matching, career guidance and skills upgrading services, and partnering employers to address their manpower needs through recruitment, training, and job redesign solutions. e2i is a tripartite initiative of the National Trades Union Congress set up to support nation-wide manpower and skills upgrading initiatives. By applying for this role, you consent to Quesscorp Singapore's PDPA and e2i's PDPA.