Senior Cyber Security Analyst

Location: Asia-Pacific - Singapore
BU/Function: Software BU
Seniority: Manager & Professionals
Job Code: 1821
We are seeking an experienced Senior Cyber Security Analyst to be part of the Information Security team. As part of a new vulnerability management function, you will have the opportunity to work closely with multiple technology teams, DevOps Engineers and bug bounty platform vendors on the detection and remediation of security vulnerabilities.

Job Responsibilities

  • Establish and run a vulnerability management program, which includes the tracking of detected/reported vulnerabilities to closure
  • Responding to Common Vulnerabilities and Exposures (CVE) alerts as shared by the Regulatory & Compliance teams
  • Determine overall CVE priority when threat activity is identified; report incidents that may cause immediate and/or ongoing impact to the environment
  • Conduct continuous vulnerability scanning and penetration test on internal and public-facing IT assets across multiple platforms and architectures
  • Monitor external data sources (e.g., Cyber Security Agency of Singapore) to determine which security issues may have an impact on the enterprise
  • Work with the engineering team to identify, assess, triage, assign and remediate vulnerabilities
  • Continue to improve infrastructure vulnerability management process using data driven and automated approach
  • Create a reporting capability supporting all levels such as engineering team, compliance, and executive management to highlight current status of infrastructure from vulnerability management perspective
  • Drive the remediation process to ensure vulnerable assets are patched or remediated within agreed SLAs
  • Work across Information and Cyber Security discipline to consolidate, manage and ensure that vulnerability management lifecycle is followed
  • Develop automation to maintain the efficiency of security testing at large-scale
  • Manage bug bounty program
  • Manage and work with Information Security vendors as and when necessary

Pre-Requisites

  • Degree in Computer Science with at least 5 years of experience in cyber security operations or cyber security engineering
  • Experience in the discovery of vulnerabilities, prioritization of vulnerabilities, remediation of vulnerabilities, and verification through risk-based approach
  • Knowledge of cyber threats and vulnerabilities
  • Good knowledge of Cloud environment, DevOps, Docker, Linux, macOS, and Active Directory
  • Deep security hands-on skills in web application and infrastructure security
  • Knowledge of system and application security threats, vulnerabilities, and cyber attackers
  • Experience in Information Security, Vulnerability Management or Secure Software Development Life Cycle (SSDLC)
  • Proficiency in one or more scripting language. E.g., Perl, Python, Shell Scripting etc
  • Possess at least one of the following: OSCP, OSEP, OSCE, CREST CCWAT/CCSAS/CCSAM/CCTIM, GPEN, GWAPT, GSLC.
  • Familiar with various tools Jira, Burp Suite, Kali Linux, Metasploit, Nessus, Nmap, Netsparker, Wireshark, etc
  • Strong verbal and written communications skills
  • Good reporting skills - ability to report to both technical and non-technical audience
  • Positive mindset, open-minded and adaptable for a change fast-paced environment
  • Experienced in an end-user environment
  • Ability to work independently with minimal supervision