Lead Threat & Vulnerability Management [RID-00431]

About Setel:

The Future of Mobility

Introduced in July 2018, Setel is a mobile platform that aims to delight customers by innovating for better, inclusive mobility. Setel serves customers across Malaysia by powering one app as the constant companion to ease motorists’ journey across fueling, parking, EV charging, motor insurance, road tax, auto assistance, general purchases, and more across an ecosystem of PETRONAS petrol stations, retail partners, and online merchants.

Role Purpose:

Drive and manage core cyber and defense functions encompassing incident management, threat intelligence and hunting, and vulnerability management, to provide a consistently informed view of cyberthreats to Setel’s landscape and enable more effective safeguarding of Setel landscape, digital assets and reputation.

In this role you will:

• Establish and maintain the overarching threat profile of Setel by analyzing and extracting input from threat intelligence and threat hunting activities, findings from vulnerability scans on digital asset inclusive of CI/CD Pipeline and CS business risk assessments, related exercises (e.g. penetration testing, red team exercises, cyber drills, compromise assessment), and lessons learned from incident management, to ensure an up-to-date understanding of Setel’s exposure to cyberthreats.
• Manage the technology, people, and processes related to the effective incident management by enabling the practice of receiving, monitoring, investigating, analyzing, and escalating cyber security alerts, as well as managing and coordinating responses to cyber security incidents, including communications to and with key stakeholders (including external parties e.g. teams in Security Operations Center, Bank Negara Malaysia, PETRONAS Dagangan Berhad, etc.) to ensure the effective management of response and remediation of cyber incidents.
• Manage and deploy risk-based initiatives/processes to test adherence of products and services in Setel’s landscape to the established enterprise security architecture and corresponding controls, e.g. through penetration testing, vulnerability assessments, cyber drills, compromise assessment etc., to ensure vulnerabilities in Setel’s landscape are identified and mitigated in a timely manner.
• Establish and manage the gathering and reporting capabilities of threat intelligence and threat hunting from public and commercial sources, to ensure up-to-date information inclusive of false positive removal and subsequent actions to be taken regarding potential threats to Setel’s landscape.
• Manage the consolidated security reporting of  analytic and monitoring tools across various environments (e.g. SIEM, DLP, cloud, etc.) to determine incident patterns and vulnerabilities and prepare potential insights for consideration to safeguard the Setel’s landscape.
• Ensure the integration of the analysis, outcomes and findings from incidents, threat intel/threat hunting reports and vulnerability management to the cybersecurity risk register, to enable more effective prioritization of risk mitigation according to risk and criticality.
• Act as primary focal with external parties (e.g. including external parties e.g. teams in Security Operations Center, Bank Negara Malaysia, PETRONAS Dagangan Berhad, etc.) on areas involving incident management, threat intelligence/threat hunting and vulnerability management, to ensure consistent narrative and information dissemination with respect to Setel’s security posture.
• Cover the tasks of other Leads in the department (as and when necessary), and collaborate with both internal stakeholders and external third parties in ensuring the delivery of cyber initiatives and the compliance with requirements.
• Assist with any related tasks, projects, and other assigned duties as and when deemed necessary.
• Ensure adherence to the compliance of company policies, industry regulations and legal requirements. 

You're a great fit if you have:

• Bachelor’s Degree in computer science, information systems, engineering, software engineering or a related discipline
• Cybersecurity certifications
• Experience of at least 10 years in technology-related areas, with a latter emphasis on cybersecurity incident management, vulnerability management and/or threat intelligence/threat hunting (within the last 2-3 years)
• Experience in translating diverse cyber threat information into relatable business requirements to support effective and efficient threat mitigation
• Regularly communicate state of cyber security posture, threats and incidents to impacted teams and provide practical reports to senior leadership
• Practise and apply knowledge of overarching cybersecurity threat landscape alongside cyber security governances, guidelines and risks
• Experience deploying cybersecurity in the financial services industry is advantageous
• Ability to handle sensitive information with confidentiality.
• Excellent communication and interpersonal skills.
• Possess skills such as Cybersecurity Governance, Threat Intelligence & Hunting, Cyber Drill/Red Team Exercise/Compromise Assessment, Cyber Incident Management, Vulnerability & Patch Management, Risk Management, Cloud-AWS & Google, DevSecOps-SAST & DAST, Vulnerability Scanning Tools.  

What Makes Working With Us Awesome

• Our people and culture: You will get to work with awesome and friendly colleagues to whom you can expect to collaborate well to deliver your work. Empowerment is given and you will get a lot of opportunities for peer-learning.
• Availability of tools and applications: You will be provided with different tools to facilitate your work. Automate your work whenever possible so that you can focus on delivering impact for your role.
• Development focused: Your learning and growth matters most for us. We are people centric and always ready to help our people to define what they want to make an impact on and craft their learning plan accordingly.

Cool Perks/Benefits

• Hybrid working arrangement; Flexible working hours.
• Relax and unwind at the leisure area with video games, board games, books, and more.
• Wear your favourite jeans, or any cool OOTD so that you can work comfortably (in style).
• Coffee, tea, or snacks are available for consumption at the pantry. Because you’ll be happier with a full tummy.
• A healthy body leads to a brilliant mind. Let’s get moving with the inter-company sports team.
• There will be workshops, talent shows, sport activities, and other events for sharing and bonding.

Personal Data Protection

Setel Ventures Sdn Bhd (“Setel”, “we”, “our” “us”) is committed to protecting and respecting your privacy. This Setel privacy statement (“Privacy Statement”) explains what personal data we collect about you, when and why we collect it, how we use it, the conditions under which we may disclose it to others, your rights to your personal data and how we keep it secure. This Privacy Statement covers both our online and offline collection activities, including personal data that we collect through online platforms such as websites, applications, third party social networks or our online and physical events, or through other third parties that we work with. Please read this Privacy Statement carefully to understand our views and practices regarding your personal data.