315 Vulnerability Assessments jobs in Kuala Lumpur

Main Responsibilities

• Security Monitoring and Incident Management o Working with external SOC providers in managing SIEM logs, cyber alerts, endpoint protections, email security and threat intelligence feeds. Investigate, triage and take necessary proactive measures including timely escalate to management.
• Threat and Vulnerability Management
• Conduct periodic vulnerability assessment of the IT application systems, system management, network and communication infrastructure, and security infrastructure.
• Analyse the logs of the various systems including firewalls, IDS/IPS, etc for initiating preventive and/or corrective measures.
• Continuously monitor, measure, and report security posture to management.
• Identity and Access Management (IAM)
• Ensure that processes exist for the creation, modification, access privileges and deletion of user id.
• Review access rights regularly to enforce least privilege for both users and system administrators, and segregation of duty within IT.
• Review Privileged access activities.
• User access management
• Security Technology Administration
• Work with external consultants or IT security service providers as appropriate for security audit and solution.
• Maintain and operate security tools such as firewalls, EDR, WAF, Proxy, email security, DLP, IPS, VPN, NAC, etc.
• Perform health checks, updates and configuration reviews of security systems.
• Recommend and implement security solutions to enhance resilience and compliance.
• Security Baseline and Hardening
• Enforce security configuration baselines for servers, network & security devices, databases, endpoints, and cloud resources.
• Review and update baseline configurations periodically.
• Security Compliance and Audit Support
• Support security-related audits and regulatory activities.
• Prepare documentation and evidence to demonstrate compliance with RMiT and internal policies.
• Assist in drafting and updating security SOPs and guidelines.
• Manage the development and implementation of IT security SOP, standards, guidelines, and procedures to ensure on-going maintenance of security.
• Security Awareness
• Supporting initiatives in promoting security best practices.
• To perform other duties assigned by management.

Job Requirement

At least 5 years' experience in IT security infrastructure (support and operations).

Additional Notes

• Qualification Minimum a Bachelor's Degree in IT, Computer Science, Cybersecurity or equivalent. Certification
• Must possess relevant certification in Security domain, with preference on CompTIA Security+, CEH, CISM and CISSP.
• ITIL foundation will be added advantage.

Job Type: Full-time

Pay: RM8, RM12,000.00 per month

Benefits:

• Health insurance
• Opportunities for promotion
• Professional development

Responsibilities

• Should have experience of 5+ years in SOC.
• Ensure the Customer's operational and production environment remains secure at all the times and any threats are raised and addressed in a timely manner.
• Critical incident handling & closure.
• Escalation management and handling escalations from L1 Analysts.
• Proactive discovery of threats based on MITRE ATT&CK framework.
• Deep investigation and analysis of critical security incidents.
• Post breach incident analysis reporting.
• Review the weekly and monthly reports.
• New use case creation and implement in cloud-native SIEM (Security Information and Event Management).
• Assist with customer onboarding (such as use case development, identifying data sources, configuring data connectors etc)

Requirement

• Experience of working in large scale, public cloud environments and with using cloud native security monitoring tools such as: -

o Microsoft Sentinel

o Microsoft 365 Defender

o Microsoft Defender for Cloud

o Endpoint Detection & Response (EDR) tools such as Crowdstrike, Microsoft Defender for Endpoint.

o Firewalls and network security tools such as Palo Alto, Fortinet, Juniper, and Cisco.

o Web Application Firewall (WAF) tools such as Cloudflare, Akamai and Azure WAF.

o Email Security tools such as Proofpoint, Mimecast and Microsoft Defender for Office

o Data Loss Prevention (DLP) tools such as Microsoft Purview, McAfee and Symantec

• Nice to have skills/experience includes:

o Google Cloud Platform (GCP) security tools such as Chronicle and Security Command Centre

o Amazon Web Services (AWS) security tools such as Security Hub, AWS Guard Duty, AWS Macie, AWS Config and AWS CloudTrail

o Experience of analysing malware and email headers, and has skills in network security, intrusion detection and prevention systems; operating systems; risk identification and analysis; threat identification and analysis and log analysis.

o Experience of security controls, such as network access controls; identity, authentication, and access management controls (IAAM); and intrusion detection and prevention controls.

Key Responsibilities

• Conduct technical penetration tests across web applications, mobile apps, APIs, internal/external networks, and cloud environments (AWS, Azure, GCP).
• Perform vulnerability assessments and red teaming exercises for clients in financial services, healthcare, and critical infrastructure.
• Deliver detailed, actionable reports with risk ratings, technical findings, remediation guidance, and executive summaries.
• Support the development of our automated security validation platform by feeding real-world attack patterns into detection logic.
• Participate in incident response engagements and post-breach forensic analysis as needed.
• Collaborate with developers and DevOps teams to embed secure practices (Shift-Left Security).
• Maintain up-to-date knowledge of the latest attack vectors (e.g., OWASP Top 10, MITRE ATT&CK) and defensive countermeasures.
• Assist in achieving and maintaining compliance with standards such as ISO 27001, SOC 2, PDPA, and MAS TRM.
• Mentor junior analysts and contribute to internal security research and tooling.

Required Qualifications & Skills

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field.
• Minimum 3 years of hands-on experience in penetration testing and vulnerability assessment.
• CREST Certified Penetration Tester (CRT) or CREST Registered Penetration Tester (CPT) – mandatory preferred ; applicants actively pursuing certification will be considered.

Hold one or more of the following certifications:

• OSCP (Offensive Security Certified Professional) – highly valued
• CEH, CISSP, CompTIA PenTest+

Proven experience using tools such as:

• Burp Suite, Metasploit, Nmap, Wireshark, SQLMap, Cobalt Strike, Nessus, Acunetix
• Cloud security tools (e.g., ScoutSuite, Prowler, AWS Inspector)

Strong understanding of:

• Web and mobile application security
• Network protocols and firewall bypass techniques
• Identity & access management (IAM), API security

• Common exploits (e.g., XSS, CSRF, SSRF, RCE, IDOR)

• Solid scripting skills (Python, Bash, or PowerShell) for automation and custom exploit development.

• Familiarity with Singapore-specific regulatory frameworks: PDPA, MAS TRM, CSA Essential Cyber Hygiene.

Preferred Attributes

• Experience conducting assessments for Financial Institutions -regulated entities or government agencies.
• Participation in bug bounty programs (HackerOne, Bugcrowd) with proven track record.
• Knowledge of cloud-native architectures and containerized environments (Docker, Kubernetes).
• Experience with adversary simulation or purple teaming.
• Active contributor to cybersecurity communities (blogs, CTFs, conferences).

What We Offer

• Competitive salary (RM80,000 – RM130,000, based on experience and certification)
• Full support for certification renewals and advanced training (e.g., OSCE, CRTO, GXPN)
• Flexible working hours and hybrid work model
• Opportunities to lead high-impact client engagements and shape the security offering
• Sponsorship for CREST membership and international accreditations

Application Process

We take quality seriously. Shortlisted candidates will undergo:

1. Technical screening (skills verification)
2. Practical penetration testing challenge (scoped lab environment)
3. Interview Head of Security

Note: All candidates must pass a background check. Prior consultancy or MSSP experience is advantageous.

Security Analyst | Insurance Industry | Contract

We are seeking a
Security Analyst
to support our insurance client in strengthening their cybersecurity posture. This role involves monitoring and responding to security events, performing risk and vulnerability assessments, and ensuring compliance with industry standards.

Job Responsibilities:

• Strategic Oversight: Develop and implement security operations strategies to protect the organization's IT infrastructure and data.
• Threat Detection and Response: Lead efforts to monitor, detect, and respond to security incidents and threats, conducting thorough investigations and root cause analyses.
• Vulnerability Management: Conduct regular vulnerability assessments/penetration test activities, ensuring timely reporting for remediation of identified security weaknesses.
• Security Tools Management: Manage and optimize security tools and technologies, such as SIEM, intrusion detection/prevention systems, and endpoint protection solutions.
• Policy Development: Contribute to the development and enforcement of security policies, procedures, and standards, ensuring alignment with industry regulations and best practices.
• Mentorship and Leadership: Mentor and provide guidance to junior security staff, fostering a culture of continuous learning and improvement.
• Collaboration: Work closely with IT, network, and application teams to integrate security into all aspects of the organization's technology environment.
• Continuous Improvement: Stay informed about emerging security threats and trends, recommending enhancements to improve the organization's security posture.
• Cloud Management: Deploy, manage, and monitor cloud-based infrastructure. Implement and manage cloud security measures to protect data and systems.
• Automation: Develop and implement automation scripts and tools to improve system efficiency and reduce manual intervention.
• Global Collaboration: Work with global teams to manage and deliver globally managed services. Coordinate with global teams to ensure alignment and consistency in service delivery.
• Any other duties when deemed necessary. Completing projects on various issues when needed

Requirements:

• Bachelor's degree in computer science, information technology, cybersecurity, or a related field.
• 3-6 years of experience in information security, network security, or a related role in senior-level experience.
• Extensive knowledge of security principles, practices, and technologies.
• Experience with advanced security monitoring and incident response tools and technologies.
• Proficiency in scripting or programming languages (e.g., Python, PowerShell) for automation tasks.
• Knowledge and experience working within cloud enviroment/platform e.g. AWS, Azure, etc.
• Experience with cloud platforms and cloud-based services.
• Proficiency in automation scripting & toolings
• Familiarity with cloud security and security frameworks (e.g., NIST, ISO
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills, with the ability to lead and collaborate effectively with cross-functional teams.
• Ability to work independently and manage multiple projects simultaneously.
• Certifications in security or related areas (e.g., Certified Information Systems Security Professional - CISSP, Certified Information Security Manager - CISM) are a plus.
• This role may require on-call availability and working outside regular hours to respond to security incidents or perform scheduled maintenance.
• The position may involve collaboration with remote teams and vendors to ensure effective security operations and support.

• Strategic Oversight: Develop and implement security operations strategies to protect the organization's IT infrastructure and data.

• Threat Detection and Response: Lead efforts to monitor, detect, and respond to security incidents and threats, conducting thorough investigations and root cause analyses.

• Vulnerability Management: Conduct regular vulnerability assessments/penetration test activities, ensuring timely reporting for remediation of identified security weaknesses.

• Security Tools Management: Manage and optimize security tools and technologies, such as SIEM, intrusion detection/prevention systems, and endpoint protection solutions.

• Policy Development: Contribute to the development and enforcement of security policies, procedures, and standards, ensuring alignment with industry regulations and best practices.

• Mentorship and Leadership: Mentor and provide guidance to junior security staff, fostering a culture of continuous learning and improvement.

• Collaboration: Work closely with IT, network, and application teams to integrate security into all aspects of the organization's technology environment.

• Continuous Improvement: Stay informed about emerging security threats and trends, recommending enhancements to improve the organization's security posture.

• Cloud Management: Deploy, manage, and monitor cloud-based infrastructure. Implement and manage cloud security measures to protect data and systems.

• Automation: Develop and implement automation scripts and tools to improve

system efficiency and reduce manual intervention.

• Global Collaboration: Work with global teams to manage and deliver globally

managed services. Coordinate with global teams to ensure alignment and

consistency in service delivery.

• Any other duties when deemed necessary. Completing projects on various issues when needed

• Bachelor's degree in computer science, information technology, cybersecurity, or a related field.

• 5+ years of experience in information security, network security, or a related role in senior-level experience.

• Extensive knowledge of security principles, practices, and technologies.

• Experience with advanced security monitoring and incident response tools and technologies.

• Proficiency in scripting or programming languages (e.g., Python, PowerShell) for automation tasks.

• Knowledge and experience working within cloud enviroment/platform e.g. AWS, Azure, etc.

• Experience with cloud platforms and cloud-based services.

• Proficiency in automation scripting & toolings

• Familiarity with cloud security and security frameworks (e.g., NIST, ISO

• Strong analytical and problem-solving skills.

• Excellent communication and interpersonal skills, with the ability to lead and

collaborate effectively with cross-functional teams.

• Ability to work independently and manage multiple projects simultaneously.

• Certifications in security or related areas (e.g., Certified Information Systems

Security Professional - CISSP, Certified Information Security Manager - CISM) are a plus.

• This role may require on-call availability and working outside regular hours to

respond to security incidents or perform scheduled maintenance.

• The position may involve collaboration with remote teams and vendors to ensure effective security operations and support.

Job Types: Full-time, Contract

Contract length: 12 months

Pay: RM1.00 - RM2.00 per month

Work Location: In person

Ensign is hiring

Job Summary:

The Security Analyst Level 1 is responsible for monitoring, analyzing, and responding to security events and incidents within the organization's IT environment. This entry-level role involves supporting the cybersecurity team in protecting the company's information assets, identifying vulnerabilities, and ensuring compliance with security policies and best practices.

Key Responsibilities:

• Monitor security alerts and logs from various security tools such as SIEM (Security Information and Event Management) systems, firewalls, antivirus, and intrusion detection/prevention systems.
• Investigate and analyze potential security incidents or breaches and escalate as necessary to senior analysts or incident response teams.
• Perform routine security assessments and vulnerability scans to identify and report risks.
• Assist in maintaining and updating security documentation, policies, and procedures.
• Participate in security awareness training programs for employees.
• Support compliance efforts with relevant regulations and standards (e.g., GDPR, HIPAA, PCI-DSS).
• Collaborate with IT teams to implement security controls and mitigate identified risks.
• Stay updated with the latest cybersecurity trends, threats, and technologies.

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience).
• Basic understanding of network protocols, operating systems, and security concepts.
• Familiarity with security tools like SIEM, firewalls, antivirus software, and vulnerability scanners.
• Strong analytical and problem-solving skills.
• Good communication skills for documenting incidents and collaborating with teams.
• Relevant certifications (e.g., CompTIA Security+, SSCP) are a plus but not required.

Experience:

• 0-2 years of experience in IT or cybersecurity roles preferred but not mandatory. Entry-level candidates with a strong interest in cybersecurity are encouraged to apply.

Qualifications

• Bachelor or Master's Degree in Computer Science, Information Systems, or equivalent experience.
• Minimum 3 years of experience in the Cyber Security & Infrastructure fields
• Security tool implementation and operational experience/application security technology experience
• CISSP - Certified Information Systems Security Professional Certifications or other relevant professional certifications.

Work Conditions

• Work on daytime shift. However, when security incidents occur, he/she might be required to work on holidays or at night.
• Communicate via email, MS Teams, web meetings, etc.
• Required oversea business trips if necessary (KL / Ipoh / SG)

Job Description

• Senior Specialist, Information Security Incident Response Lead, responsible for CSIRT operations in cyber security.
• This position is engaged and responsible for SecOps (security operations), security incident handling, SOC response, etc.
• Be responsible for handling overall SecOps in cooperation with partner IT vendors and related internal departments as a member of the incident handling team within CSIRT.
• Work with partner IT vendors that maintain information security infrastructure tools implemented in our company.
• Monitor and continuously assess the IT security aspects and impact.
• Knowledge and strong understanding on CIS CSC to continuously improve IT security
• Reporting to Regional IT GM, Mgrs and the head of Global Security Team.

Job Type: Full-time

Pay: RM8, RM12,000.00 per month

Benefits:

• Opportunities for promotion

Work Location: In person

Join to apply for the Security Analyst L2 role at Logicalis Asia Pacific

1 week ago Be among the first 25 applicants

Join to apply for the Security Analyst L2 role at Logicalis Asia Pacific

Why choose Logicalis?

As Architects of Change, Logicalis' focus is to design, support and execute clients' digital transformation by uniting their vision with their technology expertise and industry insights. The company, through its deep understanding of key IT industry drivers such as security, cloud, data management and IoT, can address customer priorities such as revenue growth and business, operational efficiency, innovation, risk and compliance, data governance and sustainability.

Why choose Logicalis?

As Architects of Change, Logicalis' focus is to design, support and execute clients' digital transformation by uniting their vision with their technology expertise and industry insights. The company, through its deep understanding of key IT industry drivers such as security, cloud, data management and IoT, can address customer priorities such as revenue growth and business, operational efficiency, innovation, risk and compliance, data governance and sustainability.

We strengthen our purpose: to design, support, and execute our customers' digital transformation by converging their vision with our technological expertise and knowledge of the industry. The brand refresh underpins both the evolution of Logicalis’ positioning as well as our strategic vision for growth.

Accountabilities:

• Work in 24x7 shift environment to handle security incidents and provide level two (L2) support during analysis & investigations to identify the root cause.
• Provide detailed remediation recommendation to customers for the incidents within agreed SLAs, and if required assist them during remediation implementation.
• Execute SOC playbooks, knowledge base to minimize the security incident impact and perform detailed investigation on the infected assets.
• Escalate critical incidents to 3rd level support team, for further analysis & investigations, and demonstrate excellent collaboration skills for timely resolution to minimize impact to customers.
• Review 3rd party threat intel feeds and integrate them into MSS platforms to provide value to our customers.
• Prepare SOC monthly reports, which includes customization based on business requirements and present them to customers during monthly meetings, highlighting risks and mitigation plans.
• Enable regional L1 Security Analysts to deliver seamless L1 support by developing SOC playbooks, relevant and sufficient knowledge base.
  
  

• Candidate should have at least 3 years of experience working in SOC and MSS environments, with a Bachelor’s degree in Computer Science/IT/Information security.
• Excellent hands-on experience on incident analysis using SIEM platforms such as Microsoft Sentinel, IBM QRadar.
• Hands on experience on any Endpoint Protection (EPP) or Endpoint Detection Response (EDR) technologies. Preferred if Microsoft Defender, CrowdStrike.
• Exposure to firewall technologies such as Cisco, Palo Alto, Checkpoint, Fortinet.
• Good understanding of WIN, LINUX environments and well versed with basic LINUX commands and troubleshooting, with a proven Unix (Solaris, Linux, BSD) experience.
• Knowledge on any shell scripting language, and to apply them to automate mundane operations tasks.
• Candidate should have at least one cybersecurity industry certification such as CEH, CHFI.
• Good understanding of basic network concepts and advantage if exposure to cloud technologies.
• Lateral thinking combined with excellent troubleshooting skills, preferably with experience following ITIL standards

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries IT Services and IT Consulting

Referrals increase your chances of interviewing at Logicalis Asia Pacific by 2x

Get notified about new Security Analyst jobs in Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia .

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 6 days ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 day ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 3 months ago

Petaling Jaya, Selangor, Malaysia 2 months ago

Federal Territory of Kuala Lumpur, Malaysia 1 day ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Petaling Jaya, Selangor, Malaysia 5 days ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 2 weeks ago

Petaling Jaya, Selangor, Malaysia 20 hours ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 2 weeks ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 year ago

Kuala Lumpur City, Federal Territory of Kuala Lumpur, Malaysia 4 months ago

WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 2 months ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 2 weeks ago

Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Petaling Jaya, Selangor, Malaysia 1 month ago

Kuala Lumpur City, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Kota Damansara, Selangor, Malaysia 3 weeks ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 2 months ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 2 months ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 2 months ago

WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Petaling Jaya, Selangor, Malaysia 6 days ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 2 months ago

WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 5 days ago

Federal Territory of Kuala Lumpur, Malaysia 5 days ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 4 months ago

Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 5 days ago

WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 2 weeks ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Overview

Job location: Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia. Employment type: Full-time. Seniority level: Mid-Senior level. Job function: Information Technology. Industry: Human Resources Services.

As Architects of Change, Logicalis focuses on designing, supporting and executing clients' digital transformation by uniting their vision with technology expertise and industry insights. The company addresses customer priorities such as revenue growth, operational efficiency, innovation, risk and compliance, data governance and sustainability through its deep understanding of IT drivers such as security, cloud, data management and IoT.

• Work in a 24x7 shift environment to handle security incidents and provide level two (L2) support during analysis and investigations to identify the root cause.
• Provide detailed remediation recommendations to customers for incidents within agreed SLAs, and assist during remediation implementation if required.
• Execute SOC playbooks and maintain knowledge base to minimize security incident impact; perform detailed investigations on infected assets.
• Escalate critical incidents to 3rd level support for further analysis and investigations; demonstrate collaboration to achieve timely resolution and minimize customer impact.
• Review 3rd party threat intel feeds and integrate them into MSS platforms to provide value to customers.
• Prepare SOC monthly reports, customized based on business requirements, and present them to customers during monthly meetings, highlighting risks and mitigation plans.
• Enable regional L1 Security Analysts to deliver seamless L1 support by developing SOC playbooks and a relevant knowledge base.

• Candidate should have at least 3 years of experience in SOC and MSS environments, with a Bachelor’s degree in Computer Science/IT/Information Security.
• Excellent hands-on experience in incident analysis using SIEM platforms such as Microsoft Sentinel and IBM QRadar.
• Hands-on experience with Endpoint Protection (EPP) or Endpoint Detection and Response (EDR) technologies; preferred experience with Microsoft Defender, CrowdStrike.
• Exposure to firewall technologies such as Cisco, Palo Alto, Checkpoint, Fortinet.
• Good understanding of Windows and Linux environments; familiar with basic Linux commands and troubleshooting; proven Unix experience (Solaris, Linux, BSD).
• Knowledge of any shell scripting language and ability to apply it to automate routine tasks.
• At least one cybersecurity industry certification such as CEH or CHFI.
• Good understanding of basic network concepts; cloud technology exposure is an advantage.
• Lateral thinking with excellent troubleshooting skills; preferably experience following ITIL standards.

Additional job postings and company information are listed within the original posting, including roles such as IT Security Governance and Risk Management Senior Analyst, GRC Analyst, Information Security Operations Team Lead, and others in Kuala Lumpur and surrounding areas.