JOB DESCRIPTION

Job Description (JD)

Nama ProgramKESELAMATAN SIBER [K622-001-SS:2026]
Kod CUK622-001-SS:2026-C08
CompetencyCore
Tajuk CUCyber Security Vulnerability Management & Security Testing
Penerangan CUExpert Element Overview:
Cyber Security Vulnerability Management & Security Testing describes the expert in governing enterprise exposure
management, coordinating offensive and defensive testing activities, and strengthening organisational capability to
anticipate, detect, and mitigate cyber threats. This includes defining enterprise vulnerability management priorities,
evaluating threat surfaces across IT and OT environments, aligning red and blue team activities, validating test
outcomes, and providing strategic guidance for remediation and continuous security improvement. The Senior Skills
Expert ensures comprehensive visibility of attack vectors, integrates compliance and audit requirements, enhances
detection engineering, and drives program maturity through structured assessments, reporting, and capability
development across multidisciplinary teams
Tempoh Latihan0
Objektif Pembelajaran1. The person who is expert in this activity should capable to
i) Manage vulnerabilities and threat surface;
ii) Validate threat outcomes through collaborative testing;
iii) Analyse assessments, reporting, and continuous improvement;
2. The outcome of this domain is able to
i) Govern enterprise vulnerability management by defining scope, assessing exposures, and prioritising
remediation based on business impact and exploitation trends.
ii) Validate threat detection and response readiness through coordinated red and blue team activities, aligned
testing cycles, and outcome correlation across IT and OT systems.
iii) Strengthen organisational resilience by analysing vulnerability assessments, tracking remediation progress,
and generating comprehensive reporting for leadership, governance bodies, and regulatory needs.
iv) Integrate OT protocols, segmented networks, and field devices into exposure management, ensuring complete
visibility across cyber physical environments.
v) Drive continuous improvement by using performance metrics, structured training, and intelligence driven
insights to enhance controls, detection mechanisms, and strategic security posture.
3. Professional certifications related to this domain expertise include, but are not limited to:
i) GIAC Penetration Tester (GPEN) - SANS
ii) Global Industrial Cyber Security Professional (GICSP) - SANS
iii) GXPN – GIAC Exploit Researcher and Advanced Penetration Tester - SANS
iv) Advanced Exploit Development for Penetration Testers - SANS
v) ISA/IEC 62443 Cybersecurity Certificate - ISA
vi) CompTIA PenTest+ - CompTIA
vii) Offensive Security Certified Professional - Offensive Security (OSCP)
viii) Offensive Security Exploitation Expert - Offensive Security
ix) CREST CRT/CCT - CREST UK
x) Certified Penetration Tester (CPT) - Global Ace
xi) Certified Ethical Hacking (CEH) - EC-Council
xii) Certified Network Defender (CND) - EC-Council
Pra-SyaratK622-001-SE:2026