Job Description (JD)
| Nama Program | KESELAMATAN SIBER [K622-001-SS:2026] |
|---|---|
| Kod CU | K622-001-SS:2026-C08 |
| Competency | Core |
| Tajuk CU | Cyber Security Vulnerability Management & Security Testing |
| Penerangan CU | Expert Element Overview: Cyber Security Vulnerability Management & Security Testing describes the expert in governing enterprise exposure management, coordinating offensive and defensive testing activities, and strengthening organisational capability to anticipate, detect, and mitigate cyber threats. This includes defining enterprise vulnerability management priorities, evaluating threat surfaces across IT and OT environments, aligning red and blue team activities, validating test outcomes, and providing strategic guidance for remediation and continuous security improvement. The Senior Skills Expert ensures comprehensive visibility of attack vectors, integrates compliance and audit requirements, enhances detection engineering, and drives program maturity through structured assessments, reporting, and capability development across multidisciplinary teams |
| Tempoh Latihan | 0 |
| Objektif Pembelajaran | 1. The person who is expert in this activity should capable to i) Manage vulnerabilities and threat surface; ii) Validate threat outcomes through collaborative testing; iii) Analyse assessments, reporting, and continuous improvement; 2. The outcome of this domain is able to i) Govern enterprise vulnerability management by defining scope, assessing exposures, and prioritising remediation based on business impact and exploitation trends. ii) Validate threat detection and response readiness through coordinated red and blue team activities, aligned testing cycles, and outcome correlation across IT and OT systems. iii) Strengthen organisational resilience by analysing vulnerability assessments, tracking remediation progress, and generating comprehensive reporting for leadership, governance bodies, and regulatory needs. iv) Integrate OT protocols, segmented networks, and field devices into exposure management, ensuring complete visibility across cyber physical environments. v) Drive continuous improvement by using performance metrics, structured training, and intelligence driven insights to enhance controls, detection mechanisms, and strategic security posture. 3. Professional certifications related to this domain expertise include, but are not limited to: i) GIAC Penetration Tester (GPEN) - SANS ii) Global Industrial Cyber Security Professional (GICSP) - SANS iii) GXPN – GIAC Exploit Researcher and Advanced Penetration Tester - SANS iv) Advanced Exploit Development for Penetration Testers - SANS v) ISA/IEC 62443 Cybersecurity Certificate - ISA vi) CompTIA PenTest+ - CompTIA vii) Offensive Security Certified Professional - Offensive Security (OSCP) viii) Offensive Security Exploitation Expert - Offensive Security ix) CREST CRT/CCT - CREST UK x) Certified Penetration Tester (CPT) - Global Ace xi) Certified Ethical Hacking (CEH) - EC-Council xii) Certified Network Defender (CND) - EC-Council |
| Pra-Syarat | K622-001-SE:2026 |

