ICT security engineer

Key Responsibilities

• Design, implement, and manage the Vulnerability Management Program, ensuring execution across all phases of the vulnerability management lifecycle.
• Configure, schedule, and monitor vulnerability scans using enterprise tools (e.g., Tenable/Nessus), ensuring successful execution and investigating/re-running failed scans.
• Perform continuous asset discovery and ensure newly identified assets are onboarded into the vulnerability management platform and properly registered in CMDB.
• Assess and prioritize vulnerabilities using a risk-based approach, considering asset criticality, business impact, and environmental context.
• Partner with infrastructure, network, and application teams (Windows, Unix, databases, etc.) to drive remediation of identified vulnerabilities.
• Provide technical advisory to stakeholders on vulnerability impact, exploitability, and remediation strategies.
• Analyze and validate false positives, identify technical constraints, and facilitate risk acceptance processes, including stakeholder alignment and approvals.
• Lead remediation planning for penetration testing findings in collaboration with cross-functional teams.
• Conduct threat exposure assessments and targeted vulnerability scans, driving mitigation and response actions.
• Maintain and enhance vulnerability dashboards and reporting, delivering insights to both technical teams and senior management.
• Track and report progress against defined KPIs and SLAs, ensuring compliance with organizational standards.
• Escalate critical risks and provide timely updates to leadership and relevant stakeholders.
• Drive continuous service improvements in vulnerability management processes, tools, and methodologies.
• Support global coordination across teams operating in multiple geographical regions.
• Ensure adherence to security policies, regulatory requirements, and compliance frameworks, including financial security and fraud prevention obligations.
• Stay updated on emerging threats, vulnerabilities, and industry best practices, applying insights to improve organizational defenses.

Qualifications and Profile

• 8–10 years of overall IT experience with 4–7 years in Information Security and minimum 4+ years in enterprise Vulnerability Management.
• Proven hands-on experience managing end-to-end Vulnerability Management programs in large enterprise environments.
• Strong technical knowledge of vulnerability assessment and remediation across:
• Operating systems (Windows, Unix/Linux)
• Networks and infrastructure
• Databases and application servers
• Ability to analyze vulnerabilities, assess risk exposure, and prioritize remediation using a risk-based approach.
• Hands-on experience with Tenable (Nessus) SecurityCenter or equivalent vulnerability scanning tools in large-scale environments.
• Familiarity with threat and vulnerability intelligence and its application to enterprise security operations.
• Strong understanding of security reporting requirements at both technical and management levels.
• Hands-on experience creating reports, dashboards, and trend analysis using:
• Excel, PowerPoint, Word
• BI tools such as Power BI or similar
• Ability to present insights in a clear, structured, and business-relevant manner.

Interested applicants please send your resume in MS Words format [email protected] and attention to Prasant Sirohi (R22106307)

Shortlisted candidates will be notified

www.ambition.com.sg

EA Registration Number: R22106307

Data provided is for recruitment purposes only

Business Registration Number: 200611680D. License Number: 10C5117