Enable job alerts via email!
Senior Vulnerability Analyst (Vulnerability Management)
Income Insurance Limited
Singapore
On-site
SGD 70,000 - 100,000
Full time
Today
Be an early applicant
Generate a tailored resume in minutes
Land an interview and earn more. Learn more
Job summary
A leading insurance company in Singapore is seeking a skilled IT/Information Security professional to manage vulnerability assessments and reporting. The ideal candidate will have 4-5 years of experience in vulnerability management, familiarity with industry standards, and expertise in regulatory compliance. Responsibilities include coordinating penetration tests, validating remediation efforts, and reporting findings to stakeholders. Relevant certifications such as CISSP or CISM are a plus. Competitive compensation and opportunities for professional growth are offered.
Qualifications
- At least 4-5 years of experience in IT/Information Security, Vulnerability Management.
- CISSP, CISM, OSCP, GPEN, GWAPT certifications are advantageous.
- Basic programming or scripting skills in C, Java, Python, or Powershell.
Responsibilities
- Perform vulnerability scanning and manage SLA tracking.
- Conduct penetration testing engagements with external vendors.
- Analyze vulnerability management results and present technical data.
Skills
Vulnerability Management
Information Security
Risk Assessment
Technical Communication
Vendor Evaluation
Education
Diploma/Degree in Computer Science, Cybersecurity, or related
Tools
TenableOne
Qualys
Rapid7
Burp Suite
OWASP ZAP
Kali Linux
Job description
Key Responsibilities
- Perform vulnerability scanning/discovery, tracking of remediation SLA, and follow up on closure.
- Manage private bug bounty and public vulnerability disclosure program by performing triaging and follow up on reports received.
- Coordinate penetration testing engagements with external vendors, ensuring scope, timelines, and deliverables are met.
- Conduct meetings to communicate the findings and implications to stakeholders.
- Validate remediation efforts through vulnerability fix verification to confirm effectiveness.
- Perform risk assessments and assess existing mitigative controls, recommend compensating controls when remediation is not possible.
- Support audit and ensure regulatory compliance (e.g., MAS TRM) by providing vulnerability evidence and remediation status.
- Analyze vulnerability management results and present technical data clearly to senior stakeholders, turning insights into actionable recommendations.
- Optimize vulnerability management lifecycle, improving identification, remediation, and follow-up processes.
- Collaborate with CTI to act on FINTEL threat intelligence and ensure timely remediation.
- Support in vendor evaluation prior to contract award
Qualifications
- At least 4-5 years of experience in IT/Information Security, Vulnerability Management.
- Diploma/Degree in Computer Science, Cybersecurity, Information Security Management or related.
- Having CISSP, CISM, OSCP, GPEN, GWAPT certifications is an advantage.
Competencies
- 4-5 years of hands‑on experience in vulnerability management and using VA tools (e.g. TenableOne, Qualys, Rapid7).
- Strong understanding and knowledge on industry standard scoring models such as CVSS, EPSS, exploitability and remediation strategies.
- Knowledge of common web and mobile security vulnerabilities in OWASP Top 10.
- Familiarity with penetration testing techniques and tools such as web application proxies (Burp Suite, OWASP ZAP), packet capture analysis software, penetration testing Linux distributions (e.g. Kali Linux), static source code analyzers, API testing tools (e.g. SoapUI, Postman), mobile application security frameworks (e.g. MobSF, Frida).
- Familiarity with application security testing approaches such as SAST, DAST, SCA.
- Experience with aligning with regulatory requirements (MAS, ISO 27001) and support audit readiness.
- Having Cloud security knowledge and AI LLM knowledge is a plus.
- Experience in support in vendor evaluation prior to contract award will be advantage
- Basic structured programming or scripting skills as C, Java, Python, Javascript, Powershell.
Get your free, confidential resume review.
or drag and drop a PDF, DOC, DOCX, ODT, or PAGES file up to 5MB.
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
Michael Carter
I was stuck sending out resumes with no response until I used JobLeads. They made my resume impossible for recruiters to ignore.
Sophie Reynolds
JobLeads' resume review helped me fix critical mistakes, and I started getting interviews almost immediately!
Daniel Fischer
With JobLeads' resume review, my resume went from overlooked to interview-ready in no time!