Vulnerability Management Analyst

2-5 Years
SGD 5,000 - 6,200 per month
  • Posted 20 hours ago

Job Description

Salary: Up to SGD 6200 / month (depending upon experience and skills)

Key Responsibilities

  • Perform vulnerability scanning/discovery, tracking of remediation SLA and vulnerability fix verification in support of the remediation

  • Support and coordinate the pre-engagement, delivery and follow-up of penetration testing activities for internal teams with vendor testing service providers.

  • Review and share the Vulnerability Assessment and Penetration Testing findings with the affected teams and follow up on any queries about the findings.

  • Troubleshoot, follow up and resolve any operational issues pertaining to VA through liaison with internal teams and external vendor support, and case creation via the relevant product support ticket for issues or queries from the teams.

  • Support DevSecOps CI/CD application deployment to adhere to Income's Application Security Testing (DAST) standard; configure and resolve DAST scan issues for newly onboarded applications.

  • Monitor, perform health checks on and ensure availability of all DAST scans.

  • Administer vulnerability management tools: perform system health checks, verify scanning agents, ensure operational availability and assist in log extraction for investigation.

  • Help ensure configuration changes follow Income procedures and standards, assist in bi-weekly access management review matters, and ensure scanners adhere to hardening standards and configuration change processes.

  • Generate weekly and monthly metrics/dashboards for VAPT activities and testing results, to be shared with the Department HOD and team manager in weekly team meetings.

  • Prepare VA statistics and reports for the quarterly management meetings.

  • Support technical risk assessment and recommend mitigations for vulnerability findings when remediation is not possible.

  • Support and assist in process and procedure improvement initiatives that may be assigned by management.

Qualifications

  • Minimum of 2-3 years' experience in vulnerability management, penetration testing, vulnerability assessment or similar roles.

  • Background in application development, web application technologies and architectures, application security testing or vulnerability assessment.

  • Familiar with penetration testing steps, methods and procedures, and excellent at using penetration testing tools.

  • Familiar with attack techniques and methods, common security vulnerabilities and threats of network and application systems, and competent in identifying and evaluating these vulnerabilities and threats with existing tools.

  • Relevant industry certifications such as CEH, OSCP, BSCP or CREST CRT are preferred.

Competencies

  • Hands-on experience in vulnerability management and using VA tools (e.g. TenableOne, Qualys, Rapid7).

  • Strong understanding and knowledge of industry-standard scoring models such as CVSS and EPSS, exploitability and remediation strategies.

  • Knowledge of common web and mobile security vulnerabilities in OWASP Top 10.

  • Familiarity with penetration testing techniques and tools such as web application proxies (Burp Suite, OWASP ZAP), packet capture analysis software, penetration testing Linux distributions (e.g. Kali Linux), static source code analyzers, API testing tools (e.g. SoapUI, Postman), mobile application security frameworks (e.g. MobSF, Frida).

  • Familiarity with application security testing approaches such as SAST, DAST and SCA.

  • Cloud security knowledge and AI/LLM knowledge are a plus.

  • Basic structured programming or scripting skills, such as C, Java, Python, JavaScript, PowerShell.

  • Good writing skills and the ability to effectively communicate security and risk-related concepts to technical and non-technical audiences.

  • Able to work independently and in a team-oriented, collaborative environment.

Kshama

Registration No. / Unique Entity Number: 199801439D

Disclaimer: The company is committed to ensuring the privacy and security of your information. By submitting this form, you consent to the collection, processing, and retention of the information you provide. The data collected (which may include your contact details, educational background, work experience and skills) will be used solely for the purpose of evaluating your qualifications for the position you're applying for. Your data will be stored securely and retained for the duration necessary to fulfill our hiring process. If you are not selected for the position, your data will be kept on file for a limited period in case future opportunities arise. You have the right to access, correct, or delete your data at any time by contacting us at Quess Singapore | A Leading Staffing Services Provider in Singapore (quesscorp.sg)

This is in partnership with the Employment and Employability Institute Pte Ltd (e2i).

e2i is the empowering network for workers and employers seeking employment and employability solutions. e2i serves as a bridge between workers and employers, connecting with workers to offer job security through job-matching, career guidance and skills upgrading services, and partnering employers to address their manpower needs through recruitment, training, and job redesign solutions. e2i is a tripartite initiative of the National Trades Union Congress set up to support nation-wide manpower and skills upgrading initiatives. By applying for this role, you consent to Quesscorp Singapore's PDPA and e2i's PDPA.

Job ID: 144435461
