Cyber & Vulnerability Analyst

We are Malaysia’s leading Credit Reporting Agency (CRA) and we are aggressively expanding our business, and looking for dynamic, driven and motivated individuals to join our team. Our Direct-To-Consumer segment (D2C), is one of our fastest growing product areas in the market, with an abundance of expansion plans and innovative ideas on hand.

The CTV Analyst will assist the Manager in supporting the planning, execution, and monitoring of CTOS’ Cyber Threat & Vulnerability Management (CTVM) program. This role involves performing and managing vulnerability scans, coordinating remediation efforts, proactively monitoring threats, maintaining asset inventories in collaboration with IT, and supporting cybersecurity governance and compliance initiatives.

• Assist the Manager in planning, analyzing, developing frameworks, and deploying the CTOS CTVM program.
• Support daily operations, including coordination VAPT exercises with vendors, performing on-demand internal and external vulnerability scans, scheduling, prioritization, and remediation tracking.
• Maintain a current and comprehensive inventory of all IT hardware, software, and cloud assets within the organization in collaboration with IT.
• Assist in identifying vulnerabilities and supporting remediation plans, including patching, code or infrastructure changes, and build process updates.
• Assist in implementing cybersecurity and IT security policies to ensure compliance with internal and regulatory standards.
• Support the development of policies, procedures, and standard operating models for the CTVM program.
• Assist on KPIs and KRIs for cybersecurity operations. Maintain technical and management dashboards and assist in preparing periodic management reports.
• Provide technical support and advisory services to stakeholders to ensure enterprise-wide cyber resilience.
• Support security monitoring activities (i.e., SOC, MDR) in collaboration with vendors and coordinate remediation efforts with internal IT team.
• Stay up to date on emerging cyber threats, vulnerabilities, and IT security trends relevant to the organization and industry.

• Minimum Bachelor’s Degree or Equivalent with specialization in Computer Science / IT Security / Cyber Security.

• 1 to 3 years of working experience in IT or Cyber Security domains specifically in cyber threat and vulnerability management, or Security Operations Center (SOC).
• Basic understanding of IT infrastructure, networking, and cybersecurity principles.
• Familiarity with vulnerability assessment, patch management, and security monitoring tools.
• Exposure to ServiceNow, Jira, Nessus, CrowdStrike Falcon, MDR solutions, AWS native security tools and Burp Suite is a plus.
• Familiar with ServiceNow and Jira for ticketing and workflow management.
• Familiar with security tools such as Nessus Professional, CrowdStrike Falcon Complete, MDR solutions, Identity Threat Protection (ITP) and BurpSuite. Familiarity with other security tools such as cloud native security solutions such as AWS is an added advantage.
• Strong analytical, problem-solving, and organizational skills.
• Good communication and teamwork abilities.
• Relevant certifications, such as CEH, ITIL, CISA, EC-Council, or any other cyber and vulnerability management tool certification, are a plus.
• Relevant experience in cyber threat and vulnerability management, Security Operations Center (SOC) operations, penetration testing, or cyber threat intelligence is highly desirable.