Perform vulnerability scanning and discovery, track remediation SLAs, and verify vulnerability fixes in support of remediation.
Support and coordinate the pre-engagement, delivery and follow-up of penetration testing activities between internal teams and vendor testing service providers.
Review Vulnerability Assessment and Penetration Testing (VAPT) findings, share them with the affected teams, and follow up on any queries about the findings.
Troubleshoot, follow up and resolve operational issues pertaining to vulnerability assessment (VA) by liaising with internal teams and external vendor support, including raising product support tickets for issues or queries from the teams.
Support DevSecOps CI/CD application deployment so that it adheres to the Dynamic Application Security Testing (DAST) standard; configure DAST scans for newly onboarded applications and resolve scan issues.
Monitor and health-check all DAST scans and ensure their availability.
Administer the vulnerability management tools: perform system health checks, verify scanning agents, ensure operational availability, and assist with log extraction for investigations.
Ensure configuration changes follow established procedures and standards, assist with the bi-weekly access management review, and ensure scanners adhere to hardening standards and the configuration change process.
Generate weekly and monthly metrics and dashboards for VAPT activities and testing results, to be shared with the department HOD and team manager in weekly team meetings.
Prepare VA statistics and reports for the quarterly management meetings.
Support technical risk assessments and recommend mitigating controls for vulnerability findings when remediation is not possible.
Support process and procedure improvement initiatives assigned by management.
Qualifications
Minimum of 2-3 years' experience in vulnerability management, penetration testing, vulnerability assessment or similar roles.
Hands-on experience in vulnerability management and in using VA tools (e.g. TenableOne, Qualys, Rapid7).
Background in application development, web application technologies and architectures, application security testing or vulnerability assessment.
Familiar with penetration testing steps, methods and procedures, and proficient with penetration testing tools.
Familiar with attack techniques and methods and with common security vulnerabilities and threats to network and application systems, and competent in identifying and evaluating them with existing tools.
Relevant industry certifications such as CEH, OSCP, BSCP or CREST CRT are preferred.