Responsibilities:
- Perform vulnerability scanning/discovery, tracking of remediation SLA and follow up on closure of findings
- Support private bug bounty and public vulnerability disclosure program by performing triaging and follow up on reports received
- Coordinate with external vendors on penetration testing program
- Conduct meetings to communicate the findings and implications to stakeholders
- Perform vulnerability fix verification in support of the remediation
- Perform risk assessment and recommend mitigations on vulnerability findings when remediation is not possible
- Conduct compliance audit on hardening standards
- Administer security tools and service providers
Qualifications:
- At least 2-5 years of experience in IT/Information Security
- Bachelor of Computer Science, Information Technology, Information Security Management or Business Information Systems
- CISSP or CISM certification is preferred
- OSCP, CRT, GPEN, GWAPT or CHFI certification is an advantage
- Hands-on experience with vulnerability assessment tools (e.g. Tenable One, Qualys, Rapid7)
- Working knowledge of industry-standard scoring models such as CVSS and EPSS
- Working knowledge of SAST, DAST, IAST, SCA and DevSecOps
- Familiarity with penetration testing techniques is an advantage (e.g. web application proxies, packet capture analysis software, browser extensions, penetration testing Linux distributions, static source code analyzers, SoapUI, etc.)
- Basic structured programming or scripting skills in languages such as C, Java, Python, JavaScript or PowerShell