38 Vulnerability Management jobs in Singapore

JOB DESCRIPTION

• Know the vulnerability management lifecycle, including identification, assessment, reporting, prioritization, and remediation.
• Lead the development, implementation, and continuous improvement of vulnerability management processes and tools.
• Serve as the subject matter expert (SME) for vulnerability risk, patching standards, and remediation approaches.
• Oversee vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7) and ensure accurate coverage and tuning.
• Collaborate with SOC, red teams, and threat intelligence to correlate vulnerabilities with real-world threats and exploitability.
• Analyze scan results and contextual risk (e.g., CVSS score, asset criticality, threat intel) to prioritize remediation efforts.
• Track and report on KPIs/KRIs related to vulnerability exposure, patch compliance, and SLA adherence.
• Facilitate remediation meetings with asset owners and stakeholders.
• Collaborate with IT, infrastructure, application owners, and third parties to ensure timely remediation.
• Develop executive dashboards and technical reports for various stakeholders, including senior management and auditors.
• Represent vulnerability management in audits, risk assessments, and incident postmortems.
• Ensure vulnerability management processes align with internal policies and regulatory standards (e.g., ISO 27001, NIST).

JOB REQUIREMENTS

Requirements:

• Bachelor's degree in Cybersecurity, Computer Science, or related field.
• 6+ years of experience in cybersecurity, with 3+ years in vulnerability management.
• Experience with enterprise vulnerability scanning platforms (Tenable, Qualys, etc.).
• Strong understanding of CVEs, CVSS, threat modeling, and security frameworks (NIST, CIS, MITRE ATT&CK).
• Demonstrated ability to lead cross-functional teams and drive remediation.

Education:

• Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field.

As Singapore's longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires.

Today, we're on a journey of transformation. Leveraging technology and creativity to become a future-ready learning organisation. But for all that change, our strategic ambition is consistently clear and bold, which is to be Asia's leading financial services partner for a sustainable future.

We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career.

Your Opportunity Starts Here.

Why Join

Protecting our customers' assets and data is at the heart of everything we do at OCBC. As a Cyber Engineering - Risk professional, you'll play a critical role in safeguarding our systems and networks from cyber threats. You'll be part of a team that's shaping the future of cybersecurity in the financial industry.

How you succeed

To succeed in this role, you'll need to stay one step ahead of emerging threats. You'll work closely with our engineering teams to identify and mitigate risks, and develop strategies to protect our systems and data. You'll need to be proactive, collaborative, and always looking for ways to improve our cybersecurity posture.

What you do

• Execute a comprehensive vulnerability management strategy.
• Develop and implement automated scanning schedules, asset tagging, and risk-based prioritization.
• Analyze scan results, validate vulnerabilities, and generate actionable reports tailored for technical and executive stakeholders.
• Collaborate with IT and application teams to track remediation efforts and ensure timely closure of high-risk vulnerabilities.
• Drive the development of custom dashboards and KPIs to monitor vulnerability trends and compliance posture.
• Contribute to the evolution of vulnerability management processes and tooling.
• Ensure alignment with regulatory requirements (e.g., MAS TRM, BNM RMIT, HKMA guidelines) and support audit readiness.

Who you are

• Degree/Diploma in Computer Science, Cybersecurity, or related field.
• 3-5 years of hands-on experience in vulnerability management and using VA tools
• Strong understanding of vulnerability scoring systems (CVSS), exploitability, and remediation strategies.
• Familiarity with OWASP Top 10.
• Excellent communication skills with the ability to translate technical findings into business impact.
• Proven experience working with regulatory frameworks and compliance audits.
• Proficient in Microsoft Office applications
• Experience in python and Bash scripting
• Hands on experience in VA tools such as Tenable,Qualys, Rapid7
• Preferred certifications: CISSP,CISM, OSCP,GPEN,GWAPT

Who we are

As Singapore's longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires.

Today, we're on a journey of transformation. Leveraging technology and creativity to become a future-ready learning organisation.

But for all that change, our strategic ambition is consistently clear and bold, which is to be Asia's leading financial services partner for a sustainable future.

We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career. Your Opportunity Starts Here.

What we offer

Competitive base salary. A suite of holistic, flexible benefits to suit every lifestyle. Community initiatives. Industry-leading learning and professional development opportunities. Equal opportunity. Fair employment. Selection based on ability and fit with our culture and values. Your wellbeing, growth and aspirations are every bit as cared for as the needs of our customers.

Competitive base salary. A suite of holistic, flexible benefits to suit every lifestyle. Community initiatives. Industry-leading learning and professional development opportunities. Your wellbeing, growth and aspirations are every bit as cared for as the needs of our customers.

Responsibilities

• Know the vulnerability management lifecycle, including identification, assessment, reporting, prioritization, and remediation.
• Lead the development, implementation, and continuous improvement of vulnerability management processes and tools.
• Serve as the subject matter expert (SME) for vulnerability risk, patching standards, and remediation approaches.
• Oversee vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7) and ensure accurate coverage and tuning.
• Collaborate with SOC, red teams, and threat intelligence to correlate vulnerabilities with real-world threats and exploitability.
• Analyze scan results and contextual risk (e.g., CVSS score, asset criticality, threat intel) to prioritize remediation efforts.
• Track and report on KPIs/KRIs related to vulnerability exposure, patch compliance, and SLA adherence.
• Facilitate remediation meetings with asset owners and stakeholders.
• Collaborate with IT, infrastructure, application owners, and third parties to ensure timely remediation.
• Develop executive dashboards and technical reports for various stakeholders, including senior management and auditors.
• Represent vulnerability management in audits, risk assessments, and incident postmortems.
• Ensure vulnerability management processes align with internal policies and regulatory standards (e.g., ISO 27001, NIST).

Requirements:

• Bachelor's degree in Cybersecurity, Computer Science, or related field.

• 6+ years of experience in cybersecurity, with 3+ years in vulnerability management.

• Experience with enterprise vulnerability scanning platforms (Tenable, Qualys, etc.).

• Strong understanding of CVEs, CVSS, threat modeling, and security frameworks (NIST, CIS, MITRE ATT&CK).

• Demonstrated ability to lead cross-functional teams and drive remediation.

Our Addresses and Working Hours:

Seatrium Pioneer Yard

50 Gul Road Singapore

(Island wide transport provided)

Mon - Thu: 8am - 5:15pm, Fri: 8am to 4:30pm

Interested candidates are invited to send us an updated resume with your current and expected salary and earliest availability.

We regret that only shortlisted candidates will be notified.

Please note that your personal data disclosed to Seatrium Limited and our group of companies, shall be used for the purposes of evaluation, and processing in accordance with our recruitment processes and policies. By providing your personal data, you have consented to the aforesaid purpose under the provisions of the Personal Data Protection Act 2012.

Join to apply for the
Vulnerability Management Specialist
role at
OCBC .
About OCBC
As Singapore’s longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. Today, we’re on a journey of transformation, leveraging technology and creativity to become a future‐ready learning organization.
Why Join
Protecting our customers’ assets and data is at the heart of everything we do at OCBC. As a Cyber Engineering – Risk professional, you’ll play a critical role in safeguarding our systems and networks from cyber threats.
What You Do
Execute a comprehensive vulnerability management strategy.
Develop and implement automated scanning schedules, asset tagging and risk‐based prioritization.
Analyze scan results, validate vulnerabilities and generate actionable reports tailored for technical and executive stakeholders.
Collaborate with IT and application teams to track remediation efforts and ensure timely closure of high‐risk vulnerabilities.
Drive the development of custom dashboards and KPIs to monitor vulnerability trends and compliance posture.
Contribute to the evolution of vulnerability management processes and tooling.
Ensure alignment with regulatory requirements (e.g., MAS TRM, BNM RMIT, HKMA guidelines) and support audit readiness.
Who You Are
Degree/Diploma in Computer Science, Cybersecurity or related field.
3-5 years of hands‐on experience in vulnerability management and using VA tools.
Strong understanding of vulnerability scoring systems (CVSS), exploitability and remediation strategies.
Familiarity with OWASP Top 10.
Excellent communication skills with the ability to translate technical findings into business impact.
Proven experience working with regulatory frameworks and compliance audits.
Proficient in Microsoft Office applications.
Experience in Python and Bash scripting.
Hands‐on experience in VA tools such as Tenable, Qualys, Rapid7.
Preferred certifications: CISSP, CISM, OSCP, GPEN, GWAPT.
What We Offer
Competitive base salary. A suite of holistic, flexible benefits to suit every lifestyle. Community initiatives. Industry‐leading learning and professional development opportunities. Equal opportunity. Fair employment. Selection based on ability and fit with our culture and values.
Seniority Level
Mid‐Senior level
Employment Type
Full‐time
#J-18808-Ljbffr

Company:

Sopra Steria is a listed European tech leader specializing in Consulting, Digital Services, and Software. With 60,000 employees worldwide across Europe, North America and Asia, Singapore serves as the HQ for our APAC operations. We focus on delivering Infrastructure, Cloud and Cybersecurity services across the region.

Description:

This role is for a technical support position and he/she will be responsible to oversees Middleware Vulnerability Management. They must plan and rectify middleware products security vulnerabilities. He/she will help ensure the quality of Core Middleware services remains consistently high and Create Middleware management reporting and dashboard and adhere to all IT security policies to maintain system integrity and quality.

The candidate must have excellent technical knowledge matched by a "can do" hands-on attitude to develop automatic process to generate reports and dashboard and always work to minimize operational risk. Also capable of develop scripts to manage repetitive or mass deployment tasks. The successful candidate will be a member of a dynamic IT team and will work with other IT teams in Asia, Europe and Americas, so must possess strong organization skills, have good time management and excellent written and communication skills.

Responsibilities:

• Responsible for the overall Middleware Vulnerability Management of Core Middleware systems in APAC (infrastructure in Singapore, Hong Kong, Japan and China) and regional oversight of the rest of APAC countries.
• Must have a mindset to provide continuous team and service improvements, be risk adverse in change management, focus on mitigating middleware vulnerabilities and be eager to improve the monitoring, efficiency, reliability, capacity and quality of all IT services.
• Strive to ensure 100% uptime for all Core Middleware systems infrastructure in APAC, taking into account business requirements.
• Able to plan, test and execute Production changes successfully following a robust Change Management process.
• Responsible for updating all live production documentation under their scope.
• Has direct hands on experience managing to reduce hardware and software obsolescence across IT.

Business relationships:

• Work closely with all major stakeholders of the Core Middleware Systems, and any team(s) with direct influence and dependencies.
• Must build a strong relationship with our internal customers in APAC.
• Have proven experience working collaboratively with all teams across all departments and refusing to work in silo mode.
• Follow all Security policies
• Contribute to management reports and dashboards
• Report all variances from Norms and Standards
• Ensure and practice all production Disaster Recovery and BCP processes are in place

Governance:

• Follow Security policies
• Contribute to management reports and dashboards
• Report all variances from Norms and Standards
• Ensure and practice all production Disaster Recovery and BCP processes are in place

Requirements

Essential Technical Knowledge/Skills:

• At least 5 - 7 years of technical experience in following middleware technologies listed below

• Open source Apache HTTP Server (2.4.x)

• Open source Tomcat application Server (8.x, 9.x)
• Microsoft IIS server (IIS 8.5, 10)
• REDHAT Jboss EWS (Apache / Tomcat 5.x)
• REDHAT EAP application server (EAP 7.x)
• IBM WebSphere Application server BASE & ND (8.x, 9.x)
• IBM WebSphere MQ server (8.x, 9.0, 9.1, 9.2)

• Oracle WebLogic server (12.x, 14.x)

• Analysis, remediation planning and execution for all overdue vulnerabilities for IBM MQ, IBM WAS, Apache, Tomcat, Jboss EAP/EWS products.

• Analysis, remediation planning and execution for all Critical compliance deviations on Digital Platform assets, and ideally on High deviations for IBM MQ, IBM WAS, Apache, Tomcat, Jboss EAP/EWS.
• Enhancement of the current processes for remediationd for all APAC assets where the remediation owner is Digital Platform (include assets provided to and supported for CIB, WM, Cardif entities), on the vulnerability management and compliance management remits.
• Continuous improvement of the security watch process for the products under APAC Digital Platform management, to pro-actively plan for patching.
• Experience in creating and producing reports and Dashboard.
• Obtain skill for reporting : Tableau / Power query / Excel Micro programing / PowerBI / SQL query / Python / API
• Optional skill set: Prometheus / Grafana / Kibana / ELK
• Obtain skill for automation: Ansible scripting + Ansible tower
• Middleware skill: IBM MQ, IBM WAS, Apache, Tomcat, Jboss EAP/EWS
• Oversight of the Vulnerability & Compliance Deviation remediation for the locally-managed network gears.
• To apply security vulnerability fixes on timely manner as per business needs.
• To apply security hardening policies for middleware production timely manner as per business needs.
• Must have excellent written and verbal communication skills.
• Productiveness team work and strong analytical skills.
• Demonstrate a systematic and logical approach to problem-solving.
• Good presentation and documentation skills.
• Ability break down complex technical situations and adapt their language to all levels of discussion, from non-technical managers up to 3rd level System Experts.
• Have knowledge and experience using agile methodologies and/or has been part of DevOps teams.
• Be service oriented, customer focused, positive, committed and have an enthusiastic "can do" attitude.
• Great time keeping skills and attention to detail is essential.
• Flexibility to do shift work and some weekends or late after office hours at short notice.
• Must be independent, organized, self-motivated, responsible, and able to complete tasks with little or no supervision.
• Relishes taking ownership, being totally hands-on and comfortable directly interfacing with people at all levels of the organization.
• Knows ITIL concepts and can apply them effectively.

Other Value-Added Competencies:

• A professional certification in any of the application server technology listed.

• Analytical thinking and strong diagnostic information gathering

• Client-oriented, strong communication and organization skills
• Initiative and multitasking
• Ability to work under pressure
• Having knowledge in ansible / good scripting skills in PowerShell, Python or other programming languages is an added advantage.

Benefits

• Regular team buildings
• 18 leave days / year
• Insurance: GP, Hospitalisation, Dental and Optical
• Annual bonus
• Working hours: from 9am to 6pm, Monday to Friday
• Training and certifications paths

Company:

Sopra Steria is a listed European tech leader specializing in Consulting, Digital Services, and Software. With 60,000 employees worldwide across Europe, North America and Asia, Singapore serves as the HQ for our APAC operations. We focus on delivering Infrastructure, Cloud and Cybersecurity services across the region.

Description:

This role is for a technical support position and he/she will be responsible to oversees Middleware Vulnerability Management. They must plan and rectify middleware products security vulnerabilities. He/she will help ensure the quality of Core Middleware services remains consistently high and Create Middleware management reporting and dashboardand adhere to all IT security policies to maintain system integrity and quality.

The candidate must have excellent technical knowledge matched by a "can do" hands-on attitude to develop automatic process to generate reports and dashboard and always work to minimize operational risk. Also capable of develop scripts to manage repetitive or mass deployment tasks. The successful candidate will be a member of a dynamic IT team and will work with other IT teams in Asia, Europe and Americas, so must possess strong organization skills, have good time management and excellent written and communication skills.

Responsibilities:

• Responsible for the overall Middleware Vulnerability Management of Core Middleware systems in APAC (infrastructure in Singapore, Hong Kong, Japan and China) and regional oversight of the rest of APAC countries.
• Must have a mindset to provide continuous team and service improvements, be risk adverse in change management, focus on mitigating middleware vulnerabilities and be eager to improve the monitoring, efficiency, reliability, capacity and quality of all IT services.
• Strive to ensure 100% uptime for all Core Middleware systems infrastructure in APAC, taking into account business requirements.
• Able to plan, test and execute Production changes successfully following a robust Change Management process.
• Responsible for updating all live production documentation under their scope.
• Has direct hands on experience managing to reduce hardware and software obsolescence across IT.

Business relationships:

• Work closely with all major stakeholders of the Core Middleware Systems, and any team(s) with direct influence and dependencies.
• Must build a strong relationship with our internal customers in APAC.
• Have proven experience working collaboratively with all teams across all departments and refusing to work in silo mode.
• Follow all Security policies
• Contribute to management reports and dashboards
• Report all variances from Norms and Standards
• Ensure and practice all production Disaster Recovery and BCP processes are in place

Governance:

• Follow Security policies
• Contribute to management reports and dashboards
• Report all variances from Norms and Standards
• Ensure and practice all production Disaster Recovery and BCP processes are in place

Essential Technical Knowledge/Skills:

• At least 5 - 7 years of technical experience in following middleware technologies listed below

• Open source Apache HTTP Server (2.4.x)

• Open source Tomcat application Server (8.x, 9.x)
• Microsoft IIS server (IIS 8.5, 10)
• REDHAT Jboss EWS (Apache / Tomcat 5.x)
• REDHAT EAP application server (EAP 7.x)
• IBM WebSphere Application server BASE & ND (8.x, 9.x)
• IBM WebSphere MQ server (8.x, 9.0, 9.1, 9.2)

• Oracle WebLogic server (12.x, 14.x)

• Analysis, remediation planning and execution for all overdue vulnerabilities for IBM MQ, IBM WAS, Apache, Tomcat, Jboss EAP/EWS products.

• Analysis, remediation planning and execution for all Critical compliance deviations on Digital Platform assets, and ideally on High deviations for IBM MQ, IBM WAS, Apache, Tomcat, Jboss EAP/EWS.

• Enhancement of the current processes for remediationd for all APAC assets where the remediation owner is Digital Platform (include assets provided to and supported for CIB, WM, Cardif entities), on the vulnerability management and compliance management remits.

• Continuous improvement of the security watch process for the products under APAC Digital Platform management, to pro-actively plan for patching.

• Experience in creating and producing reports and Dashboard.

• Obtain skill for reporting : Tableau / Power query / Excel Micro programing / PowerBI / SQL query / Python / API

• Optional skill set: Prometheus / Grafana / Kibana / ELK

• Obtain skill for automation: Ansible scripting + Ansible tower

• Middleware skill: IBM MQ, IBM WAS, Apache, Tomcat, Jboss EAP/EWS

• Oversight of the Vulnerability & Compliance Deviation remediation for the locally-managed network gears.

• To apply security vulnerability fixes on timely manner as per business needs.

• To apply security hardening policies for middleware production timely manner as per business needs.

• Must have excellent written and verbal communication skills.

• Productiveness team work and strong analytical skills.

• Demonstrate a systematic and logical approach to problem-solving.

• Good presentation and documentation skills.

• Ability break down complex technical situations and adapt their language to all levels of discussion, from non-technical managers up to 3rd level System Experts.

• Have knowledge and experience using agile methodologies and/or has been part of DevOps teams.

• Be service oriented, customer focused, positive, committed and have an enthusiastic "can do" attitude.

• Great time keeping skills and attention to detail is essential.

• Flexibility to do shift work and some weekends or late after office hours at short notice.

• Must be independent, organized, self-motivated, responsible, and able to complete tasks with little or no supervision.

• Relishes taking ownership, being totally hands-on and comfortable directly interfacing with people at all levels of the organization.

• Knows ITIL concepts and can apply them effectively.

Other Value-Added Competencies:

• A professional certification in any of the application server technology listed.

• Analytical thinking and strong diagnostic information gathering

• Client-oriented, strong communication and organization skills
• Initiative and multitasking
• Ability to work under pressure
• Having knowledge in ansible / good scripting skills in PowerShell, Python or other programming languages is an added advantage.

• Regular team buildings
• 18 leave days / year
• Insurance: GP, Hospitalisation, Dental and Optical
• Annual bonus
• Working hours: from 9am to 6pm, Monday to Friday
• Training and certifications paths

Responsibilities

Team Introduction: The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.

Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us — whether they're watching videos on their For

You page, interacting with a Live video, or buying products on TikTok Shop — GSO protects their data and privacy, so they can have a secure and trustworthy experience. As a Security Engineer on TikTok's Vulnerability Management team, you'll be at the forefront of our product defense strategy. You'll lead responses to product security incidents, collaborating closely with various teams to triage, conduct thorough root cause analysis, and drive remediation efforts to secure our platform.

Responsibilities

• Security Vulnerability Management: Identify, analyze, document, and coordinate the remediation of security weaknesses and potential attack methods in code and systems.
• Incident Response & Mitigation: Manage and respond to cybersecurity incidents, pinpointing affected systems and clearly outlining risks and exposures.
• External Collaboration & Communication: Engage with external security experts and communicate complex technical information effectively to diverse audiences.
• Strategic

Problem Solving & Automation: Analyze complex security issues, develop clear and practical solutions, execute tasks with meticulous attention to detail, and develop automated solutions and scripts to enhance security processes.

• Program Effectiveness & Disclosure: Utilize data to measure security program effectiveness and coordinate the responsible disclosure of vulnerabilities.
• Vulnerability Scanning Operations: Operate and manage vulnerability scanning platforms, interpreting results to identify and prioritize security issues.

Qualifications

Minimum Qualifications:

• Security Vulnerability Analysis: Proven experience in identifying and understanding security weaknesses, including how they can be exploited, with a thorough understanding of common vulnerabilities like the OWASP Top 10.

This involves analyzing potential attack methods from code and concepts, pinpointing affected systems or applications, and clearly documenting the risks and exposures.

• Security Incident Handling: Experience with managing and responding to cybersecurity incidents, ensuring a structured approach to addressing security breaches.
• Collaboration with Security Researchers: Demonstrated ability to work effectively and technically with external security experts, fostering open and productive discussions about security.
• Vulnerability Scanning Expertise: Experience operating and interpreting results from vulnerability scanning platforms, such as Qualys, including configuring scans, analyzing findings, generating reports, and collaborating on remediation with asset owners.
• Automation Tool Development: Experience in developing and scripting tools to automate security processes.

Preferred Qualifications:

• Educational Background: A Bachelor's degree in Computer Science or a related field, with Related Certifications: e.g BSCP, OSCP, OSWE, OSCE3.
• Deep Security Knowledge: A thorough understanding of exploitation techniques and effective mitigation strategies across diverse technology domains, with a particular focus on web and mobile technologies.

Ability to judge severity and business impact, and provide precise advice on security questions.

• Secure Software Development: Familiarity with best practices for integrating security throughout the software development process.
• Programming Skills: Proficiency in programming languages such as Python, Go, and JavaScript.
• Leading Security Remediation: Capability to act as the primary point of contact for resolving critical security vulnerabilities, including coordinating action plans and verifying their effectiveness.
• Comprehensive Cybersecurity Understanding: A strong and broad grasp of various cybersecurity safeguards, covering physical, technical, and procedural controls.
• Responsible Disclosure Practices: Experience with coordinating the responsible disclosure of vulnerabilities, potentially including participation in industry groups or standard-setting bodies.
• Influencing & Collaboration: Strong leadership qualities, enabling effective collaboration and influence with diverse teams across the organization (e.g., Engineering, Legal, Marketing, Public Relations).
• Data-Driven Security Improvement: Experience using data and metrics to evaluate program effectiveness, identify trends, and make informed strategic decisions.

Job description:

About the Role

Join our cybersecurity team at one of the world's most connected and innovative airports. We are seeking a forward-thinking Vulnerability Management Manager to drive and expand our enterprise vulnerability management (VM) program. This role offers a rare opportunity to shape how a world-class aviation hub safeguards its digital ecosystem — combining operational excellence with innovative methods and automation. This individual will be reporting to the Team Lead of Security Operations (SecOps) within the Cybersecurity & Digital Governance Division. 

As the Vulnerability Management Manager, you will be responsible for leading programs that are foundational to strengthening the organization's cybersecurity posture. Working closely with the SecOps Lead, you will play a key role in transforming our vulnerability management capabilities into to a proactive, intelligence-driven, and automation-enabled function.

The program will progressively evolve towards a more continuous and risk-driven exposure management approach, aligning with industry best practices such as Continuous Threat Exposure Management (CTEM).

This is an ideal role for individuals with a strong interest or background in vulnerability management who are ready to expand into program management responsibilities — influencing strategic direction, fostering collaboration across team, and implementing innovative approaches to manage enterprise-wide risk.

What does this role look like?

• You will be expected to manage and expand the enterprise vulnerability management program across multiple technology domains.
• Implement strategies (Set by CISO) to enhance visibility, prioritization, and remediation efficiency.
• Establish a centralised visibility framework for all vulnerability management activities to be consolidated under SecOps — enabling unified oversight, consistent governance, and data-driven decision-making across all business units.
• Drive automation and intelligent workflows to scale VM operations sustainably.
• Partner with cross-functional teams to embed vulnerability awareness and secure practices into daily operations.
• Continuously improve the maturity of the program by aligning with global standards and leveraging emerging technologies.

Job Requirements

• Bachelor's degree in computer science, information technology, or related field with at least 3 years of experience in vulnerability management, vulnerability assessment or related experience.
• Prior exposure to enterprise-scale environments (e.g., multi-business units, cloud + on-prem mix).
• Experience in using attack surface management tools and/or automated vulnerability assessment tools would be advantageous.
• Professional cybersecurity related certifications are advantageous.
• The ideal candidate is an analytical and technically adept professional who thrives at translating data into actionable insights.
• With a strong emphasis on automation, process efficiency, and effective communication, this individual applies sound, risk-based decisions and drives measurable outcomes through a data-driven approach.

About the Role

Join our cybersecurity team at one of the world's most connected and innovative airports. We are seeking a forward-thinking Vulnerability Management Manager to drive and expand our enterprise vulnerability management (VM) program. This role offers a rare opportunity to shape how a world-class aviation hub safeguards its digital ecosystem — combining operational excellence with innovative methods and automation. This individual will be reporting to the Team Lead of Security Operations (SecOps) within the Cybersecurity & Digital Governance Division. 

As the Vulnerability Management Manager, you will be responsible for leading programs that are foundational to strengthening the organization's cybersecurity posture. Working closely with the SecOps Lead, you will play a key role in transforming our vulnerability management capabilities into to a proactive, intelligence-driven, and automation-enabled function.

The program will progressively evolve towards a more continuous and risk-driven exposure management approach, aligning with industry best practices such as Continuous Threat Exposure Management (CTEM).

This is an ideal role for individuals with a strong interest or background in vulnerability management who are ready to expand into program management responsibilities — influencing strategic direction, fostering collaboration across team, and implementing innovative approaches to manage enterprise-wide risk.

What does this role look like?

• You will be expected to manage and expand the enterprise vulnerability management program across multiple technology domains.
• Implement strategies (Set by CISO) to enhance visibility, prioritization, and remediation efficiency.
• Establish a centralised visibility framework for all vulnerability management activities to be consolidated under SecOps — enabling unified oversight, consistent governance, and data-driven decision-making across all business units.
• Drive automation and intelligent workflows to scale VM operations sustainably.
• Partner with cross-functional teams to embed vulnerability awareness and secure practices into daily operations.
• Continuously improve the maturity of the program by aligning with global standards and leveraging emerging technologies.

Job Requirements

• Bachelor's degree in computer science, information technology, or related field with at least 3 years of experience in vulnerability management, vulnerability assessment or related experience.
• Prior exposure to enterprise-scale environments (e.g., multi-business units, cloud + on-prem mix).
• Experience in using attack surface management tools and/or automated vulnerability assessment tools would be advantageous.
• Professional cybersecurity related certifications are advantageous.
• The ideal candidate is an analytical and technically adept professional who thrives at translating data into actionable insights.
• With a strong emphasis on automation, process efficiency, and effective communication, this individual applies sound, risk-based decisions and drives measurable outcomes through a data-driven approach.