AVEVA is a global leader in industrial software. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals and minerals – safely, efficiently and more sustainably.
We’re the first software business in the world to have our sustainability targets validated by the SBTi, and we’ve been recognized for the transparency and ambition of our commitment to diversity, equity, and inclusion. We’ve also recently been named as one of the world’s most innovative companies.
If you’re a curious and collaborative person who wants to make a big impact through technology, then we want to hear from you! Find out more at AVEVA Careers.
For more information about our privacy policy and how to manage cookies, visit our Privacy Policy.
Job Title: Vulnerability Management Analyst
Organization/department: CISO (Security)
Reports to: Head of Vulnerability Management
Location: Kuala Lumpur, Malaysia
About the job
The AVEVA Security team are seeking a skilled individual to join a high performing global vulnerability management team.
The Vulnerability Management Analyst is responsible for proactively identifying and managing the remediation of vulnerabilities affecting AVEVA’s infrastructure and services. This role requires a broad technical understanding and to be responsible for vulnerability detection, assessment and driving vulnerability remediation across the organisation.
Primary Duties
Conduct vulnerability assessments to identify known vulnerabilities and configuration weaknesses and assess the effectiveness of existing controls and recommends remedial action.
Maintain current knowledge and understanding of the threat landscape and emerging security threats and vulnerabilities.
Analyze risks associated with vulnerabilities, provide detailed reporting, and recommend actionable remediation strategies
Support compliance and risk management activities, recommending security controls and corrective actions to mitigate vulnerability risks.
Serve as an escalation point on issues, dependencies, and risks related to vulnerability scanning and security testing.
Collaborate with multiple stakeholders to prioritize vulnerabilities based on severity, impact, and exploitability.
Support the development of AVEVA’s Vulnerability management policy, process, and procedures.
Managing the end-to-end vulnerability lifecycle from discovery to closure ensuring the relevant resolver team put in place a plan and timely remediation working with both managed service providers and internal IT and Information Security staff.
Utilising information from external vulnerability reporting tools such as Bitsight, RiskRecon, Security Scorecard and vendor vulnerability briefings determine the priority of remediations needed across the AVEVA estate.
Manage security assessment processes, including performing, tracking remediation, validating controls, measuring residual risk, and writing reports.
Coordinate and oversee remediation efforts to ensure timely and effective resolution of security vulnerabilities.
Educational Qualifications and Experience
Minimum of 2 years information and cyber security experience, and experience in IT Vulnerability Management.
Experience using vulnerability scanning tools such as Qualys, Tenable, Rapid7 and vulnerability management platforms (RiskVision, Kenna Security).
Experience managing vulnerability management findings/services for cloud environments (Amazon Web Services, Microsoft Azure, Google Cloud Platform).
Strong understanding of vulnerability management practices and methodologies. Knowledge of common vulnerability frameworks (CVSS, OWASP Top 10).
Working knowledge of system, application, network and database hardening techniques and practices.
Working knowledge of one or more of the following - cloud technologies, internet security, networking protocols or experience with software development.
Strong analytical skills and ability to identify advanced vulnerability threats.
Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
Knowledge of and experience in developing and documenting security processes and plans.
Knowledge and experience with implementing common information security management frameworks, such as International Organization for Standardization (ISO) 2700x series, AICPA SOC2 (Service Organization Control), ITIL, COBIT and National Institute of Standards and Technology (NIST) or Centre for Internet Security (CIS) frameworks would be advantageous.
Technical Competency
Having knowledge and experience with as many of the following areas and tools is desired:
Security certifications such as CEH, GPEN, Security+.
Understanding of firewall & networking devices (Cisco, Palo Alto, Checkpoint).
Understanding of desktop and server infrastructure (Microsoft, Linux, MacOS).
Vulnerability Management tools (Qualys, Tenable/Nessus, Rapid 7 Nexpose).
Security rating services such as BitSight, SecurityScorecard and RiskRecon.
Understanding of Cloud Security (Amazon Web Services, Google Cloud Platform).
Working experience of PowerBI
Awareness of the Mitre ATT&CK framework and how it can be used to learn an adversary’s tactics and techniques.
Occupational Personality
Strong analytical, problem solving, written and verbal communication skills and a good attention to detail to identify patterns.
Ability to work both independently and collaboratively as a team member, be curious and to ask questions and share knowledge.
Ability to interact with AVEVA's personnel at all levels of seniority and across all business units and organizations, and to understand business objectives and values.
A strong customer and client focus, with the ability to manage expectations appropriately, to provide a superior customer and client experience and build long-term relationships.
A strong passion for the security domain, be curious with a keenness to learn and develop own skills and knowledge outside of the daily work environment.
Confident in recording and presenting key findings and conclusions to different levels of the business.
AVEVA requires all successful applicants to undergo and pass a comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third party personal data may involve additional background check criteria.
AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business.
Come and join AVEVA to create the transformative technology that enables our customers to engineer a better world.