Vulnerability Assessment Engineer - Infra Sec Engineering

About UOB 

United Overseas Bank Limited (UOB) is a leading bank in Asia with a global network of around 500 offices in 19 countries and territories in Asia Pacific, Europe and North America. UOB's purpose is to build the future of ASEAN. Our purpose guides The UOB Way – that defines our unique culture and belief system, anchored on our values of being Honourable, Enterprising, United and Committed, and our people philosophy of Care, Growth and Trust. 

About The Department 

UOB Innovation Hub 2 (InnoHub2) is a UOB-wholly owned subsidiary and a Centre of Excellence based in Malaysia, providing Group Business Services (GBS) to support the UOB Group. Started in 2021 with technology application design, development and support, InnoHub2 is expanding beyond technology services to deliver other business services to support the Bank’s growth ambition. We are looking for talented and motivated individuals to be part of the pioneer team spearheading the development and delivery of the new services. 

As part of the InnoHub2 team, you will have the opportunity to work on Group initiatives and gain regional business exposure. We are dynamic, passionate and purposeful about delivering trusted financial solutions that enables business growth. An exciting career progression with varied opportunities awaits you at IH2. Come grow your career with us. 

Job Responsibilities 

The Vulnerability Assessment Engineer will be responsible for the delivery of vulnerability management services and day-to-day operations and development of the bank security suite of products with key objective in designing, developing, deploying, maintaining, and enhancing the Bank’s vulnerability management capabilities

• Manage activities associated with attack surface reduction and proactive management of potential vulnerabilities to the Bank’s technology estate
• Ensure timely communication, management and reporting of product vulnerability advisories to application and infrastructure teams including monitoring the lifecycle of product vulnerabilities in conjunction with the Threat Intelligence team
• Provide best practice guidance to application and infrastructure teams on possible mitigating controls in the absence of product fixes for vulnerabilities
• Coordinate (as and when needed) vulnerability response for critical vulnerabilities in conjunction with the Group Security Operations Centre
• Automation development on existing processes and develop contextual data sets, reports, and dashboards to provide management, risk and service insights
• Product research and define requirements for new projects, perform product evaluation and technical Proof of Concept
• Provide support for all Audit and Regulatory requests
• Communicate effectively with a variety of internal teams and third-party service providers/vendors for the delivery of Vulnerability Management services/solutions.
• Capable of managing a variety of priorities and deliverables in an operational, interrupt driven environment with minimal guidance or supervision
• Work with internal technical teams and engineers in the prioritization and interpretation of attack surface reduction activities including providing guidance on countermeasures as mitigating controls
• Available to respond to any requests and assist with troubleshooting activities of vulnerability management solutions along with proper documentation
• Resolve standard/routine issues with no guidance and complex/unusual issues with minimal guidance

Job Requirements 

• Diploma/Degree in engineering/Computer Science/IT/Cyber Security from a recognized education institution · Professional security related qualification (e.g., SANS, CISSP, CISA, CISM, etc.) will be favourable although not mandatory
• Overall experience 5 – 7 years of experience
• 3 to 5 years of relevant experience in managing and deploying Vulnerability Management services and technologies
• Knowledgeable with the variety of Vulnerability Management technologies and familiar with the industry trends and best practices
• Knowledgeable with open systems (e.g., Windows, Unix, Linux), networking technologies (e.g., switches/routers/firewalls), end user technologies (Windows, iOS, Android) in relation to Vulnerability Management
• Knowledgeable with cloud technologies (e.g., AWS, Azure, M365, GCP) and containers (e.g., Docker and Kubernetes) in relation to Vulnerability Management
• Analytical problem solver and good at troubleshooting technical issues
• Hands-on experience in the use of Splunk, scripting (e.g., Python, Bash), security testing tools, and network vulnerability assessment tools (e.g., Nessus, Qualys, Rapid7, etc) will be favourable

Be a part of UOB Family 

UOB is an equal opportunity employer. UOB does not discriminate on the basis of a candidate's age, race, gender, color, religion, sexual orientation, physical or mental disability, or other non-merit factors. All employment decisions at UOB are based on business needs, job requirements and qualifications. If you require any assistance or accommodations to be made for the recruitment process, please inform us when you submit your online application. 

Apply now and make a difference.