Responsibilities:
- Conduct in-depth vulnerability assessment and penetration testing across the bank's assets (application and infrastructure) to identify potential weaknesses and security gaps. The vulnerability assessment consists of application security testing (web, mobile, API) and infrastructure security testing (IT and OT servers, network devices, cloud, etc.).
- Utilize automated scanning tools and manual testing techniques to discover vulnerabilities in the bank's assets. Experience using Tenable products, Burp Suite, Qualys and the native security scanners of cloud providers (AWS, Azure, OCI) would be an advantage.
- Identify and categorize vulnerabilities based on their potential impact and likelihood of exploitation to prioritize remediation efforts effectively.
- Produce and deliver vulnerability and exploit information, their potential impact and suggested remediation strategies in the form of a professional security assessment report.
- Provide actionable recommendations and remediation guidance for addressing identified vulnerabilities in a timely and effective manner, and coordinate with the related stakeholders for mitigation.
- Conduct meetings to communicate the findings and implications to the related stakeholders, if required.
- Perform analysis to validate justifications for false positives, operational requirements, and risk adjustments.
- Perform proactive research to identify and understand new threats, vulnerabilities and exploits.
- Excel as both a self-directed individual contributor and as a member of a team.
- Provide recommendations to optimize processes and procedures related to enterprise security scanning solutions. Provide periodic reports detailing scan success, remediation efforts and vulnerability trends.
- Experience in administration of vulnerability scanners and vulnerability management tools, e.g., Tenable (Nessus, SC, OT and IE), Burp Suite (Pro and Enterprise), Qualys, ServiceNow Vulnerability Response and cloud-native scanners (in AWS, Azure, OCI), would be an advantage.
Requirements:
Academic Qualifications:
- A degree in Computer Science or Information Technology.
Licence / Certification:
- Relevant cyber security certifications, e.g., Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) or GIAC Web Application Penetration Tester (GWAPT).
Experience:
- Minimum 2 years working experience in application & infrastructure security testing, and penetration testing.
- At least 1 year working experience in administration of Tenable, Qualys, Burp Suite, or other vulnerability assessment tools would be an advantage.
- Vulnerability assessment and penetration testing (application and infrastructure)
- Vulnerability research and advisory
- Vulnerability management and remediation
- Threat and risk assessment
- Facilitation and communication skills
- IT technical skill knowledge with relevant expertise
- Solid understanding of OWASP Top 10, OWASP ASVS, CVSS, CVE/CWE, NIST, RMIT, etc.
- Proven experience in code review and vulnerability assessment.
- Strong understanding of software lifecycle and methodologies
- Knowledge of secure coding practices and common security vulnerabilities.
- Familiarity with security testing tools, such as dynamic/interactive/static analysis scanners, infrastructure security scanners and penetration testing frameworks
- Excellent analytical and problem-solving skills
Job Type: Full-time
Pay: RM2,79 - RM10,101.05 per month
Benefits:
- Health insurance
- Maternity leave
- Opportunities for promotion
- Professional development
Schedule:
Supplemental Pay:
- Overtime pay