Job Description

Roles & Responsibilities

The role is responsible for proactively identifying, exploiting, and validating security weaknesses across the organization’s systems, applications, and networks. This includes leading vulnerability assessments, conducting penetration testing, and ensuring effective technical remediation and patch management oversight to reduce organizational risk and strengthen the security posture.

Responsibilities

Offensive Security & Penetration Testing

Plan, execute, and report on penetration testing engagements across web applications, APIs, infrastructure, and cloud environments

Simulate real-world attack scenarios to identify exploitable vulnerabilities

Perform manual and automated testing techniques to uncover complex security flaws

Validate vulnerabilities through exploitation and proof-of-concept development

Conduct red-team style assessments where applicable

Vulnerability Assessment & Management

Establish and manage continuous vulnerability scanning and assessment processes

Perform authenticated and unauthenticated scans across critical assets

Analyze scan results to identify true positives, eliminate false positives, and validate risk

Prioritize vulnerabilities based on exploitability, threat intelligence, and business impact

Expand scan coverage to include previously unassessed or shadow IT assets

Technical Remediation Coordination

Work closely with IT, DevOps, and engineering teams to drive remediation efforts

Provide clear, actionable, and technically detailed remediation guidance

Validate fixes through re-testing and secure configuration reviews

Track remediation progress and enforce SLA adherence

Support secure coding and hardening practices where needed

Patch Management Oversight

Oversee patching cycles for operating systems, applications, and infrastructure components

Ensure timely deployment of critical and high-risk security patches

Align patching priorities with vulnerability risk ratings and active threat intelligence

Monitor patch compliance and highlight gaps or delays

Collaborate with asset owners to minimize exposure windows

Threat Intelligence & Risk-Based Prioritization

Monitor emerging threats, exploits, and zero-day vulnerabilities

Align vulnerability prioritization with current threat landscape and attack trends

Integrate threat intelligence into vulnerability management lifecycle

Implement risk-based vulnerability management methodologies

Tools, Automation & Optimization

Ensure optimal configuration and coverage of security testing tools

Evaluate and implement new offensive security tools and automation frameworks

Develop scripts or automation to enhance testing and validation efficiency

Reporting & Metrics

Develop dashboards and reports for leadership and stakeholders

Track KPIs such as vulnerability aging, remediation SLAs, exploitability, and risk exposure

Provide actionable insights to support risk reduction and decision-making

Perform any other duties assigned to by line manager related to the nature of the work

Enforce, incorporate, and comply with all necessary controls and related information security policies, procedures, practices, training, reporting, personal due diligence and vigilance, within departmental/unit activities and operations.

Qualifications

Preferred Qualifications

A tertiary level qualification from an internationally recognized institution

Industry-recognized certifications in (OSCP (Offensive Security Certified Professional) or CPENT (Certified Penetration Testing Professional)

Senior Manager - Vulnerability Management D360 Bank