CLPS Global

Vulnerability Management Analyst

2-5 Years
  • Posted a day ago

Job Description

Key Responsibilities

Perform vulnerability scanning/discovery, tracking of remediation SLA and vulnerability fix verification in support of the remediation

Support and coordinate the pre-engagement, delivery and follow-up of penetration testing activities for internal teams with vendor testing service providers.

Review and share the Vulnerability Assessment and Penetration Testing findings with the affected teams and follow up on any queries about the findings.

Troubleshoot, follow up and resolve any operational issues pertaining to VA through liaison with internal teams and with external vendor support, including case creation via the relevant product support ticket for issues or queries from the teams.

Support DevSecOps CI/CD application deployment to adhere to Income's Application Security Testing (DAST) standard; configure DAST scans and resolve DAST scan issues for newly onboarded applications.

Generate weekly and monthly metrics/dashboards for VAPT activities and testing results, to be shared with the Department HOD and team manager in weekly team meetings; assist in process and procedure improvement initiatives that may be assigned by management.

Qualifications

Minimum of 2-3 years' experience in vulnerability management, penetration testing, vulnerability assessment or similar roles.

Background in application development, web application technologies and architectures, application security testing or vulnerability assessment.

Relevant industry certifications such as CEH, OSCP, BSCP or CREST CRT are preferred.

Competencies

Hands-on experience in vulnerability management and using VA tools (e.g. TenableOne, Qualys, Rapid7)

Strong understanding and knowledge of industry-standard scoring models such as CVSS and EPSS, exploitability and remediation strategies

Knowledge of common web and mobile security vulnerabilities in OWASP Top 10.

Familiarity with penetration testing techniques and tools such as web application proxies (Burp Suite, OWASP ZAP), packet capture analysis software, penetration testing Linux distributions (e.g. Kali Linux), static source code analyzers, API testing tools (e.g. SoapUI, Postman), mobile application security frameworks (e.g. MobSF, Frida).

Familiarity with application security testing approaches such as SAST, DAST, SCA

Cloud security knowledge and AI/LLM knowledge are a plus

Basic structured programming or scripting skills such as C, Java, Python, JavaScript, PowerShell

About CLPS RiDiK

RiDiK is a global technology solutions provider and a subsidiary of CLPS Incorporation (NASDAQ: CLPS), delivering cutting-edge end-to-end services across banking, wealth management, and e-commerce. With deep expertise in AI, cloud, big data, and blockchain, we support clients across Asia, North America, and the Middle East in driving digital transformation and achieving sustainable growth. Operating from regional hubs in 10 countries and backed by a global delivery network, we combine local insight with technical excellence to deliver real, measurable impact. Join RiDiK and be part of an innovative, fast-growing team shaping the future of technology across industries.

Job ID: 144251863