Job Description

Job Category: IT & Digital
:
Key Responsibilities

• Perform vulnerability scanning/discovery, tracking of remediation SLA, and follow up on closure.
• Manage private bug bounty and public vulnerability disclosure program by performing triaging and follow up on reports received.
• Coordinate penetration testing engagements with external vendors, ensuring scope, timelines, and deliverables are met.
• Conduct meetings to communicate the findings and implications to stakeholders.
• Validate remediation efforts through vulnerability fix verification to confirm effectiveness.
• Perform risk assessments and assess existing mitigative controls, recommend compensating controls when remediation is not possible.
• Support audit and ensure regulatory compliance (e.g., MAS TRM) by providing vulnerability evidence and remediation status.
• Analyze vulnerability management results and present technical data clearly to senior stakeholders, turning insights into actionable recommendations.
• Optimize vulnerability management lifecycle, improving identification, remediation, and follow-up processes.
• Collaborate with CTI to act on FINTEL threat intelligence and ensure timely remediation.
• Support in vendor evaluation prior to contract award

Qualifications

• At least 4-5 years of experience in IT/Information Security, Vulnerability Management.
• Diploma/Degree in Computer Science, Cybersecurity, Information Security Management or related.
• Having CISSP, CISM, OSCP, GPEN, GWAPT certifications is an advantage.

Competencies

• 4-5 years of hands-on experience in vulnerability management and using VA tools (e.g. TenableOne, Qualys, Rapid7).
• Strong understanding and knowledge on industry standard scoring models such as CVSS, EPSS, exploitability and remediation strategies.
• Knowledge of common web and mobile security vulnerabilities in OWASP Top 10.
• Familiarity with penetration testing techniques and tools such as web application proxies (Burp Suite, OWASP ZAP), packet. capture analysis software, penetration testing Linux distributions (e.g. Kali Linux), static source code analyzers, API testing tools (e.g SoapUI, Postman), mobile application security frameworks (e.g. MobSF, Frida).
• Familiarity with application security testing approaches such as SAST, DAST, SCA.
• Experience with aligning with regulatory requirements (MAS, ISO 27001) and support audit readiness.
• Having Cloud security knowledge and AI LLM knowledge is a plus.
• Experience in support in vendor evaluation prior to contract award will be advantage
• Basic structured programming or scripting skills as C, Java, Python, Javascript, Powershell.

Skills Required