Vulnerability Management Analyst

Job Summary

The Vulnerability Management Analyst role is responsible for supporting company's enterprise vulnerability management program, driving continuous identification, assessment, and remediation of security weaknesses across internal and external IT infrastructure including but not limited to web, mobile applications. This includes leveraging both automated tools and manual techniques, and liaising with system and application owners for follow-up actions. Maintain proactive oversight to uphold company's vulnerability management standards, strengthen organization cyber resilience environment. and safeguard Income Insurance's technology

This role will come under the IT Risk and Security department, reporting to the Manager of Cyber Assurance.

Job Responsibilities

• Perform vulnerability scanning/discovery, tracking of remediation SLA and vulnerability fix verification in support of the remediation
• Support and coordinate in pre-engagement, delivery and follow-up of penetration testing activities for internal teams with vendor testing service providers.
• Review and share the Vulnerability Assessment and Penetration Testing findings with the affected teams and follow-up discussion on any queries on the findings.
• Troubleshoot, follow up and resolve any operational issues pertaining to VA through liaison with internal teams and with external vendor support, case creation via relevant product support ticket on issues or queries from the teams.
• Support DevSecOps CICD application deployment to adhere company's Application Security Testing (DAST) standard, configure and resolve DAST scans issues for new onboarded applications.
• Weekly and Monthly metrics/dashboard generation for VAPT activities and testing results to be shared with Department HOD and team manager in weekly team meetings, assist in process and procedures improvement initiatives that may be assigned by management.

Job Requirements

• Minimum of 2-3 years experience in vulnerability management, penetration testing, vulnerability assessment or similar roles.
• Background in application development, web application technologies and architectures, application security testing or vulnerability assessment.
• Familiar with penetration testing steps, methods, procedures, and excellent in using penetration testing tools.
• Familiar with attack techniques and methods, common security vulnerabilities and threats of network and application systems, and competent in identifying and evaluating these vulnerabilities and threats with existing tools.
• Relevant industry certifications such as CEH, OSCP, BSCP, CREST CRT certifications is preferred.
• Competencies
• Hands-on experience in vulnerability management and using VA tools (e.g. TenableOne, Qualys, Rapid7)
• Strong understanding and knowledge on industry standard scoring models such as CVSS, EPSS, exploitability and remediation strategies
• Knowledge of common web and mobile security vulnerabilities in OWASP Top 10.
• Familiarity with penetration testing techniques and tools such as web application proxies (Burp Suite, OWASP ZAP), packet capture analysis software, penetration testing Linux distributions (e.g. Kali Linux), static source code analyzers, API testing tools (e.g SoapUI, Postman), mobile application security frameworks (e.g. MobSF, Frida).
• Familiarity with application security testing approaches such as SAST, DAST, SCA
• Having Cloud security knowledge and AI LLM knowledge is a plus
• Basic structured programming or scripting skills as C, Java, Python, Javascript, Powershell

About CLPS RiDiK

RiDiK is a global technology solutions provider and a subsidiary of CLPS Incorporation (NASDAQ: CLPS), delivering cutting-edge end-to-end services across banking, wealth management, and e-commerce. With deep expertise in AI, cloud, big data, and blockchain, we support clients across Asia, North America, and the Middle East in driving digital transformation and achieving sustainable growth. Operating from regional hubs in 10 countries and backed by a global delivery network, we combine local insight with technical excellence to deliver real, measurable impact. Join RiDiK and be part of an innovative, fast-growing team shaping the future of technology across industries.

We will review applications on a rolling basis until 20 Mar 2026, and early submissions are encouraged. Please note that only shortlisted candidates will be contacted. Thank you for your understanding.