Vulnerability Management Analyst

Key Responsibilities

. Perform vulnerability scanning, discovery, remediation tracking, SLA monitoring, and verification of vulnerability fixes.
. Review and communicate vulnerability assessment findings to affected teams, and follow up on queries and remediation actions.
. Manage and coordinate external vendors performing vulnerability assessments and penetration tests, including support for tooling, product issues, and related queries from internal teams.
. Maintain and amend the VA scan scripts when necessary to reduce the false positives.
. Generate Dashboard and share the VA scan results with Department HOD and team manager on issues and concerns in the weekly team meeting.
. On monthly basis, perform reconciliation on any agents that are not reporting and any new servers.
. Compliance and hardening checks on organization assets, including cloud to ensuring alignment with CIS or other applicable standards.
. Prepare VA statistics and reports in the quarterly management meetings.
. Support the compliant standards and SOP to conduct VA scan to cover MS Azure Cloud and Google cloud tenant.
. Perform risk assessment on vulnerability and penetration test findings, and recommend remediation or compensating controls where direct remediation is not feasible.
. Review vendor penetration testing scope, methodology, and findings to assess technical accuracy, exploitability, business impact, and remediation priority.
. Experienced in Bug Bounty Program, validating severity and business impact, tracking remediation closure, managing researcher communications and support maintenance of scope, outcomes reporting.
. Undertake other projects and tasks that may be assigned by management.

Qualifications / Requirements

. Bachelor's Degree with more than 3 years of experience in Cyber Security or information security. Experienced in vulnerability management, vulnerability assessment, infrastructure security, or similar information security roles. Open to consider candidates with at least 2 years of relevant experience.
. Relevant industry certifications such as CISSP, OSCP, CREST CPSA CRT, SANS certifications preferred.

Competencies

. Hands-on experience on vulnerability assessment tools with Tenable Vulnerability Management / Tenable One / Nessus is a must.
. Good understanding of vulnerability management standards, remediation SLAs, and the ability to follow up with stakeholders to drive timely closure of findings.
. Working knowledge of vulnerability scoring and prioritisation models such as CVSS, Tenable VPR, and EPSS.