- Identify the vulnerability severity on our applications
- Analyze the impact of security bulletins on our applications (using the application component inventory)
- Prioritize the patches required and coordinate with other security team members [Qualys Scan Execution team and Center of Excellence / WAF...] to run further scans and WAF patches
- Track and record decisions made on how to treat the vulnerabilities
- Report on patching progress
- At least 5 years' experience in Information Risk and Security management / consulting.
- Strong understanding of performing penetration tests, vulnerability assessments and infrastructure security reviews for the web and mobile applications.
- Hands-on experience working with Qualys WAS and other application vulnerability scanning / pentest tools.
- Familiarity with the OWASP framework and application security best practices.
- Experienced in secure application coding and application security scanning
- Security certifications such as CISSP, CISA, CISM or equivalent are a great plus.
- Strong technical understanding of threat and vulnerability scanning solutions, processes and systems
- Knowledge and hands-on experience of WAF and virtual patching
- Strong knowledge of patch management
- Knowledge of the legal and regulatory environment within which financial organisations operate (e.g. Singapore MAS)
- In-depth knowledge of applying security controls to technology operational services
- Strong communication skills, both written and verbal (English), to communicate effectively across a wide range of stakeholders. Proven ability to explain security issues in business language and business issues in security language
- Capable of producing high quality output with a strong focus on attention to detail following design and delivery methods, tools and standards
- Demonstrable experience of designing / implementing / improving / managing / governing threat and vulnerability management service especially in applications
- Demonstrable experience of continuous improvement of security threat and vulnerability services
- Demonstrable experience of effective incident management support
- Demonstrable experience of project management in security projects preferred
- Excellent communication skills
- Ability to understand and communicate the requirements of business departments to the information technology department and vice versa
- Excellent verbal and written English communication and presentation skills
- Excellent inter-personal