Senior Vulnerability Analyst (VAPT)

Singapore - Singapore

Monthly Salary: Not Disclosed

Posted on: 9 hours ago

Vacancies: 1 Vacancy

Job Summary

Description

Key Responsibilities

Perform vulnerability scanning/discovery tracking of remediation SLA and follow up on closure.
Manage private bug bounty and public vulnerability disclosure program by performing triaging and follow up on reports received.
Coordinate penetration testing engagements with external vendors ensuring scope timelines and deliverables are met.
Conduct meetings to communicate the findings and implications to stakeholders.
Validate remediation efforts through vulnerability fix verification to confirm effectiveness.
Perform risk assessments and assess existing mitigative controls recommend compensating controls when remediation is not possible.
Support audit and ensure regulatory compliance (e.g. MAS TRM) by providing vulnerability evidence and remediation status.
Analyze vulnerability management results and present technical data clearly to senior stakeholders turning insights into actionable recommendations.
Optimize vulnerability management lifecycle improving identification remediation and follow-up processes.
Collaborate with CTI to act on FINTEL threat intelligence and ensure timely remediation.

Qualifications

At least 3-5 years of experience in IT/Information Security Vulnerability Management.
Diploma/Degree in Computer Science Cybersecurity Information Security Management or related.
Having CISSP CISM OSCP GPEN GWAPT certifications is an advantage.

Competencies

3-5 years of hands-on experience in vulnerability management and using VA tools (e.g. TenableOne Qualys Rapid7).
Strong understanding and knowledge on industry standard scoring models such as CVSS EPSS exploitability and remediation strategies.
Knowledge of common web and mobile security vulnerabilities in OWASP Top 10.
Familiarity with penetration testing techniques and tools such as web application proxies (Burp Suite OWASP ZAP) packet. capture analysis software penetration testing Linux distributions (e.g. Kali Linux) static source code analyzers API testing tools (e.g SoapUI Postman) mobile application security frameworks (e.g. MobSF Frida).
Familiarity with application security testing approaches such as SAST DAST SCA.
Experience with aligning with regulatory requirements (MAS ISO 27001) and support audit readiness.
Having Cloud security knowledge and AI LLM knowledge is a plus.
Basic structured programming or scripting skills as C Java Python Javascript Powershell.

Required Experience:

Senior IC

DescriptionKey ResponsibilitiesPerform vulnerability scanning/discovery tracking of remediation SLA and follow up on closure.Manage private bug bounty and public vulnerability disclosure program by performing triaging and follow up on reports received.Coordinate penetration testing engagements with ...

Description

Key Responsibilities

Perform vulnerability scanning/discovery tracking of remediation SLA and follow up on closure.
Manage private bug bounty and public vulnerability disclosure program by performing triaging and follow up on reports received.
Coordinate penetration testing engagements with external vendors ensuring scope timelines and deliverables are met.
Conduct meetings to communicate the findings and implications to stakeholders.
Validate remediation efforts through vulnerability fix verification to confirm effectiveness.
Perform risk assessments and assess existing mitigative controls recommend compensating controls when remediation is not possible.
Support audit and ensure regulatory compliance (e.g. MAS TRM) by providing vulnerability evidence and remediation status.
Analyze vulnerability management results and present technical data clearly to senior stakeholders turning insights into actionable recommendations.
Optimize vulnerability management lifecycle improving identification remediation and follow-up processes.
Collaborate with CTI to act on FINTEL threat intelligence and ensure timely remediation.

Qualifications

At least 3-5 years of experience in IT/Information Security Vulnerability Management.
Diploma/Degree in Computer Science Cybersecurity Information Security Management or related.
Having CISSP CISM OSCP GPEN GWAPT certifications is an advantage.

Competencies

3-5 years of hands-on experience in vulnerability management and using VA tools (e.g. TenableOne Qualys Rapid7).
Strong understanding and knowledge on industry standard scoring models such as CVSS EPSS exploitability and remediation strategies.
Knowledge of common web and mobile security vulnerabilities in OWASP Top 10.
Familiarity with penetration testing techniques and tools such as web application proxies (Burp Suite OWASP ZAP) packet. capture analysis software penetration testing Linux distributions (e.g. Kali Linux) static source code analyzers API testing tools (e.g SoapUI Postman) mobile application security frameworks (e.g. MobSF Frida).
Familiarity with application security testing approaches such as SAST DAST SCA.
Experience with aligning with regulatory requirements (MAS ISO 27001) and support audit readiness.
Having Cloud security knowledge and AI LLM knowledge is a plus.
Basic structured programming or scripting skills as C Java Python Javascript Powershell.

Required Experience:

Senior IC

Key Skills

Splunk
IDS
Microsoft Access
SQL
Cybersecurity
Intelligence Experience
Malware Analysis
Tableau
Analysis Skills
SAS
Data Analysis Skills
Analytics

Apply Now

About Company

Income Insurance Limited

Income Insurance is Singapore's leading provider of Life, Health, Travel & Car Insurance as well as savings, investment and retirement plans. Get started online!

View Profile View Profile

AI AutoApply

Apply to 100+ jobs with one click