About this role
Key Responsibilities
• Perform vulnerability scanning, discovery, remediation tracking, SLA monitoring, and verification of vulnerability fixes.
• Review and communicate vulnerability assessment findings to affected teams, and follow up on queries and remediation actions.
• Manage and coordinate external vendors performing vulnerability assessments and penetration tests, including support for tooling, product issues, and related queries from internal teams.
• Maintain and amend the VA scan scripts when necessary to reduce false positives.
• Generate dashboards and share the VA scan results, issues, and concerns with the Department HOD and team manager in the weekly team meeting.
• On a monthly basis, perform reconciliation on any agents that are not reporting and any new servers.
• Perform compliance and hardening checks on organization assets, including cloud, to ensure alignment with CIS or other applicable standards.
• Prepare VA statistics and reports for the quarterly management meetings.
• Support the compliance standards and SOP for conducting VA scans covering the MS Azure Cloud and Google Cloud tenants.
• Perform risk assessment on vulnerability and penetration test findings, and recommend remediation or compensating controls where direct remediation is not feasible.
• Review vendor penetration testing scope, methodology, and findings to assess technical accuracy, exploitability, business impact, and remediation priority.
• Experience with bug bounty programs: validating severity and business impact, tracking remediation closure, managing researcher communications, and supporting scope maintenance and outcomes reporting.
• Undertake other projects and tasks that may be assigned by management.

Qualifications / Requirements
• Bachelor's Degree with more than 3 years of experience in cyber security or information security. Experienced in vulnerability management, vulnerability assessment, infrastructure security, or similar information security roles. Open to considering candidates with at least 2 years of relevant experience.
• Relevant industry certifications such as CISSP, OSCP, CREST CPSA/CRT, or SANS certifications preferred.

Competencies
• Hands-on experience with vulnerability assessment tools, with Tenable Vulnerability Management / Tenable One / Nessus a must.
• Good understanding of vulnerability management standards, remediation SLAs, and the ability to follow up with stakeholders to drive timely closure of findings.
• Working knowledge of vulnerability scoring and prioritisation models such as CVSS, Tenable VPR, and EPSS.