Title:  Asst Manager, Threat & Exposure Management (2 Years Contract)

Job ID:  22308
Location: 

ST Engineering Hub, SG

Description: 

Key Job Accountabilities:

  1. Threat & Exposure Management
    • Continuously monitor and assess cyber threats, vulnerabilities, and attack surfaces.
    • Aggregate findings from vulnerability scans, threat intelligence, penetration tests, and red teaming.
    • Identify critical exposures and prioritise based on business risk and impact.
    • Manage takedown services with external providers.
  1. Threat Intelligence Integration
    • Leverage internal and external threat intelligence sources.
    • Map threats to organisational assets and vulnerabilities.
    • Track emerging threats, zero-days, and active campaigns.
  1. Vulnerability Management
    • Coordinate vulnerability scanning activities and ensure coverage.
    • Validate scan results and eliminate false positives.
    • Work with Group IT/International Business Units teams to remediate vulnerabilities.
  1. Attack Surface Management
    • Identify and monitor internal and external attack surfaces.
    • Discover shadow IT, exposed assets, and misconfigurations.
    • Ensure external-facing assets are secured and continuously assessed.
    • Use AI-driven agents to safely simulate and validate exploitability of exposures (AEV) in production-like environments
    • Continuously identify and validate attack paths, privilege escalation, and lateral movement risks. Correlate simulation results into actionable risk insights with proven exploitability.
  1. Collaboration & Stakeholder Engagement
    • Work closely with SOC, Incident Response, Group IT and International Business Units and regional business partners to carry out monitoring of systems for security anomalies and detection of breaches.
    • Advise system owners on remediation and risk mitigation strategies.
    • Support security governance and audit requirements.
  1. Incident Response Management
    • Conduct quarterly Cybersecurity Table-top exercises with line of business.
    • Conduct annual Group wide cybersecurity drill.

Required Experience and Qualifications:

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology or related fields.
  • 3-5 years of experience as a technical lead in information security field with proven track record of execution in ensuring the desired outcomes are tied to business needs.
  • Strong experience in IT Operations, developing architectural artifacts including reference architectures, roadmaps, architectural principles, technology standards, security non-functional requirements, architectural decisions and design patterns.
  • Possess strong analytical, problem solving and decision-making skills in a fast paced and dynamic environment.
  • Knowledge in Network, Web Security and Application Security would be highly valued
  • Ability to establish and manage effective working relationships in a matrix environment with other departments, groups and staff with whom work must be coordinated or interfaced.

 

  • Exhibit excellent interpersonal skills among team members and other stakeholders with strong written and oral communication skills.

 

  • Possession of one or more industry-recognised cybersecurity certifications (e.g., CISSP, CISM, CEH, GIAC) is an added advantage.

 

  • Experience with Agentic Exposure Simulation (AES) / Agentic Exposure Validation (AEV) platforms or similar continuous security validation technologies is highly desirable