Senior Systems Engineer (Vulnerability Management)

This position reports to the Vulnerability Management Lead and will need to interface/work with other teams within the Cyber Security Branch & within the IT Department. The candidate will need to perform assurance functions to maintain a high security posture for the organisation's IT/OT environment. He or she will need to drive and support initiatives in the area of threat and vulnerability management and perform day-to-day roles in vulnerability management throughout the SP Group. What you'll do: Support and maintain the Threat and Vulnerability Management Programme within the organisation: Conduct recurring and on-demand vulnerability scanning and assessments for networks, applications, operating systems, and cloud environments deployed for the organisation. Identify vulnerabilities in applications and systems that could be exploited. Use automated tools to pinpoint vulnerabilities and reduce time-consuming tasks. Manually validate report findings to reduce false positives. Provide detailed analysis of the vulnerabilities in the respective environments and assist/advise the relevant teams with their remediation efforts. Compile and track vulnerabilities over time for metrics reporting purposes. Maintain IT Security Metrics and Key Risk indicators dashboard and prepare Vulnerability Assessment and Penetration Testing (VAPT) Report for management reporting. Manage, coordinate, and review VAPT reports submitted for endorsement. Monitor, coordinate, and consolidate vulnerabilities for regulatory and compliance requirements and reporting. Manage VAPT Management related projects, system upgrades, and operations. Maintain documentation regarding threat management, including policies and procedures. Review and keep up-to-date VAPT Policies and Standards, including the introduction of new policies as required. What you'll need: Degree/Diploma in Information Technology related disciplines. At least 5 years of relevant experience that covers management of vulnerability management solutions, performing vulnerability scanning & assessment. Technical knowledge and experience in the following areas preferred: Threat and Vulnerability Management platforms. Use of Vulnerability Scanning & Assessment tools. OWASP tools and methodologies. Possess knowledge across various information security technologies/areas in a large enterprise including firewalls, intrusion detection, encryption, Linux O/S, Windows O/S, databases, antivirus, patch management, vulnerability scanning, backup, logging and monitoring, remote access, application development, network security, application security, and change management. Information Security or IT Controls Certification such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or equivalent would be an added advantage. Thank you for your interest in SP Group. We regret to inform that only shortlisted candidates will be notified. #J-18808-Ljbffr