This regional role will be part of the Cyber Security Assurance (CSA) team to manage risks and oversee vulnerability management, security configuration management and cyber security training in Asia Pacific region. The role requires the ability to communicate and build relationships with technology product owners and support teams. Cyber Security Assurance team specializes in conducting vulnerability assessments on a variety of MUFG systems and applications by performing automated scan and manually identifying, researching, validating, and exploiting various known and unknown application security vulnerabilities.
- Perform platform and application vulnerability assessment, secure source code review
- and security baseline configuration review using variety of industry leading tools.
- Conduct risk based assessment on security vulnerabilities and determine impact to various IT infrastructures.
- Able to prioritize risks and drive remediation by outlining and providing advice and solutions to technology owners on effective security controls and counter measures.
- Track and validate remediation of security vulnerabilities.
- Prepare key risk indicators and metrics reporting to senior management team.
- Stay abreast on new security vulnerabilities and latest advancements in configuration compliance assessments from internal or external threat intelligence sources and CERT teams.
- Coordinate and manage 3rd party vendors for any external penetration tests to be performed by external vendors
- Report and articulate vulnerability assessment results and risk impact to key stakeholders.
- Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.
- Degree qualification in relevant fields.
- Desirable to have at least 2+ years of relevant experience in Vulnerability Management or related fields.
- Possess knowledge of various technologies and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.
- Knowledge of industry standards relating to Vulnerability Management including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP) strongly desired.
- Industry Certification in IT & cyber security domains a strong advantage (GIAC GWAPT,GPEN, OSCP or similar industry certification)
- Knowledge on programming and scripting languages desired.
- Hands on experience with leading tools such as Qualys, Nessus, Appscan preferred.
- Good personality and able articulate well with other stakeholders and team members.
We regret to inform that only shortlisted applicants will be notified.