Title: Asst Manager, Threat & Exposure Management (2 Years Contract)
Job ID:
22308
Location:
ST Engineering Hub, SG
Description:
Key Job Accountabilities:
- Threat & Exposure Management
-
- Continuously monitor and assess cyber threats, vulnerabilities, and attack surfaces.
- Aggregate findings from vulnerability scans, threat intelligence, penetration tests, and red teaming.
- Identify critical exposures and prioritise based on business risk and impact.
- Manage takedown services with external providers.
- Threat Intelligence Integration
-
- Leverage internal and external threat intelligence sources.
- Map threats to organisational assets and vulnerabilities.
- Track emerging threats, zero-days, and active campaigns.
- Vulnerability Management
-
- Coordinate vulnerability scanning activities and ensure coverage.
- Validate scan results and eliminate false positives.
- Work with Group IT/International Business Units teams to remediate vulnerabilities.
- Attack Surface Management
-
- Identify and monitor internal and external attack surfaces.
- Discover shadow IT, exposed assets, and misconfigurations.
- Ensure external-facing assets are secured and continuously assessed.
- Use AI-driven agents to safely simulate and validate exploitability of exposures (AEV) in production-like environments
- Continuously identify and validate attack paths, privilege escalation, and lateral movement risks. Correlate simulation results into actionable risk insights with proven exploitability.
- Collaboration & Stakeholder Engagement
-
- Work closely with SOC, Incident Response, Group IT and International Business Units and regional business partners to carry out monitoring of systems for security anomalies and detection of breaches.
- Advise system owners on remediation and risk mitigation strategies.
- Support security governance and audit requirements.
- Incident Response Management
-
- Conduct quarterly Cybersecurity Table-top exercises with line of business.
- Conduct annual Group wide cybersecurity drill.
Required Experience and Qualifications:
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology or related fields.
- 3-5 years of experience as a technical lead in information security field with proven track record of execution in ensuring the desired outcomes are tied to business needs.
- Strong experience in IT Operations, developing architectural artifacts including reference architectures, roadmaps, architectural principles, technology standards, security non-functional requirements, architectural decisions and design patterns.
- Possess strong analytical, problem solving and decision-making skills in a fast paced and dynamic environment.
- Knowledge in Network, Web Security and Application Security would be highly valued
- Ability to establish and manage effective working relationships in a matrix environment with other departments, groups and staff with whom work must be coordinated or interfaced.
- Exhibit excellent interpersonal skills among team members and other stakeholders with strong written and oral communication skills.
- Possession of one or more industry-recognised cybersecurity certifications (e.g., CISSP, CISM, CEH, GIAC) is an added advantage.
- Experience with Agentic Exposure Simulation (AES) / Agentic Exposure Validation (AEV) platforms or similar continuous security validation technologies is highly desirable