Vulnerability Analyst

Key Responsibilities • Perform vulnerability scanning, discovery, remediation tracking, SLA monitoring, and verification of vulnerability fixes. • Review and communicate vulnerability assessment findings to affected teams, and follow up on queries and remediation actions. • Manage and coordinate external vendors performing vulnerability assessments and penetration tests, including support for tooling, product issues, and related queries from internal teams. • Maintain and amend the VA scan scripts when necessary to reduce the false positives. • Generate Dashboard and share the VA scan results with Department HOD and team manager on issues and concerns in the weekly team meeting. • On monthly basis, perform reconciliation on any agents that are not reporting and any new servers. • Compliance and hardening checks on organisation assets, including cloud to ensuring alignment with CIS or other applicable standards. • Prepare VA statistics and reports in the quarterly management meetings. • Support the compliant standards and SOP to conduct VA scan to cover MS Azure Cloud and Google cloud tenant • Perform risk assessment on vulnerability and penetration test findings, and recommend remediation or compensating controls where direct remediation is not feasible. • Review vendor penetration testing scope, methodology, and findings to assess technical accuracy, exploitability, business impact, and remediation priority. • Experienced in Bug Bounty Program, validating severity and business impact, tracking remediation closure, managing researcher communications and support maintenance of scope, outcomes reporting • Undertake other projects and tasks that may be assigned by management. Qualifications / Requirements • Bachelor's Degree with more than 3 years of experience in Cyber Security or information security. Experienced in vulnerability management, vulnerability assessment, infrastructure security, or similar information security roles. • Relevant industry certifications such as CISSP, OSCP, CREST CPSA CRT, SANS certifications preferred. Competencies • Hands-on experience on vulnerability assessment tools with Tenable Vulnerability Management / Tenable One / Nessus is a must. • Good understanding of vulnerability management standards, remediation SLAs, and the ability to follow up with stakeholders to drive timely closure of findings. • Working knowledge of vulnerability scoring and prioritisation models such as CVSS, Tenable VPR, and EPSS. • Experienced in conducting technical risk assessments, including assessment of preventive and detective controls. • Working knowledge of vulnerability management procedures, remediation tracking, and service level agreement monitoring. • Strong understanding of penetration testing methodologies and Web/API application security, Mobile and AI/LLM. OWASP top 10 • Understanding of CIS security hardening standards and baseline controls for servers, operating systems, databases, and for cloud environments such as AWS, Azure. • Able to engage stakeholders effectively, follow up on remediation actions, and drive closure of vulnerabilities within required timelines. Best regards, Kshama Warange EA License Number: 23C2060 | EA Registration ID: R26161060 Quess Selection & Services, Singapore Disclaimer: The company is committed to ensuring the privacy andsecurity of your information. By submitting this form, you consent to thecollection, processing, and retention of the information you provide. The datacollected (which may include your contact details, educational background, workexperience and skills) will be used solely for the purpose of evaluating yourqualifications for the position you're applying for. Your data will be storedsecurely and retained for the duration necessary to fulfill our hiring process.If you are not selected for the position, your data will be kept on file for alimited period in case future opportunities arise. You have the right toaccess, correct, or delete your data at any time by contacting us at QuessSingapore | A Leading Staffing Services Provider in Singapore (quesscorp.sg) This is in partnership with the Employment andEmployability Institute Pte Ltd (“e2i”). e2i is the empowering network for workers and employersseeking employment and employability solutions. e2i serves as a bridge betweenworkers and employers, connecting with workers to offer job security throughjob-matching, career guidance and skills upgrading services, and partneringemployers to address their manpower needs through recruitment, training, andjob redesign solutions. e2i is a tripartite initiative of the National TradesUnion Congress set up to support nation-wide manpower and skills upgradinginitiatives. By applying for this role, you consent to QuesscorpSingapore’s PDPA and e2i’s PDPA.