Vulnerability Management Analyst (SG)

Crypto.com was founded in 2016 on a simple belief: it's a basic human right for everyone to control their money, data and identity. With over 10+ million users on its platform today, Crypto.com provides a powerful alternative to traditional financial services, turning its vision of "cryptocurrency in every wallet" into reality, one customer at a time. Crypto.com is built on a solid foundation of security, privacy and compliance and is the first cryptocurrency company in the world to have CCSS Level 3, ISO27001:2013 and PCI:DSS 3.2.1, Level 1 compliance. Crypto.com is with a 2600+ strong team globally. For more information, please visit www.crypto.com.

Description

Crypto.com is seeking experienced Vulnerability Management & Configuration Management analysts to join our high-performing and agile team. This role has the direct responsibility for supporting the Vulnerability Management and Configuration Management program. The Vulnerability Management Analyst will perform assessments of systems and networks within the network environment or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. The Vulnerability Management Analyst will measure effectiveness of defense-in-depth architecture against known vulnerabilities.

Responsibilities

• Assist in the analysis and remediation of findings discovered during scheduled internal and third party vulnerability scans and penetration tests
• Review and triage vulnerability alerts into manageable reports for other analysts and management to review
• Assist in asset management activities
• Manage vulnerability and configuration scanning tools, like setting up vulnerability scanners, scheduling scans, tuning scanning profiles, etc.
• Use asset risk profiles, vulnerability severity ratings, and threat information to communicate priorities for remediating vulnerabilities
• Provide stakeholders with advice and assistance in identifying false positives and cost-effective vulnerability remediation or mitigation solutions
• Develop security documentation under the guidance of the Vulnerability Management & Configuration Management Lead
• Assist in patching remediation actions like providing scripts
• Provide support and input for assessing risks associated with unmitigated vulnerabilities and configuration weaknesses.
• Support asset management initiatives by assisting with asset identification, classification and ownership.

Requirements

• 3+ years of experience working in information security
• 2+ years of experience in vulnerability assessment & remediation
• Knowledge of common framework like CIS, NIST, etc.
• Experience conducting security risk assessments
• Experience of using vulnerability management tools like Tenable, Qualyst, Tripwire, etc.
• Cloud experience (AWS, Azure, GCP) a plus.
• Proficiency in a scripting language like Python, PowerShell, or Bash is preferred.
• Information Security certifications (CISSP, SANS GIAC, Security+, etc.) a plus.
• High work ethic and sense of ownership for the delivered results.
• Excellent communication skills in English (spoken & written) and comfort communicating security risks and controls to technical and non-technical partners required.

Benefits

• We offer an attractive compensation package working in a cutting-edge field of combining cryptocurrency and financial services.
• Huge responsibilities from Day 1. Be the owner of your own learning curve. The possibilities are limitless and depend on you.
• You get to work in a very dynamic environment and be part of an international team.
• Flexible working.