Search Jobs
Search by job, company or skills
Search by job, company or skills
Life at U Mobile
We are Passionate, Innovative, Trustworthy, Team-Oriented & Fun-Loving.
At U Mobile, we are always on the lookout for great talents and passionate individuals to join our growing team.
Let's start your journey with an award-winning organization!
#UnbeatableCareerAwaits
Top Reasons To Join Us!
Awarded For
o Most Preferred Employers in Telecommunication Industry (2022, 2023 & 2024)
o Bronze Winner in Cross-Generational Workforce Engagement (2024)
o Gold Winner for Excellence in Workplace Culture (2021)
Comprehensive medical, dental, optical and insurance benefits
Flexi working hours arrangements
Staff Line & Device Subsidy
Smart Casual Attire
Child Parental Care Leave
Convenient location with access to public transport (Imbi Monorail/Bukit Bintang MRT)
Special employee discounts for selected F&B Brands
Role
The Day-To-Day Activities
Vulnerability Management
Own the end-to-end vulnerability scanning cycle for infrastructure, endpoints, network devices, containers, and cloud workloads (scheduled and ad hoc).
Tune scanners, maintain asset groupings and credentialed scans, ensure coverage, and reduce false positives.
Triage and validate findings, assign severity based on CVSS, exploitability, business impact, and asset criticality.
Coordinate remediation with platform, network, and application teams; track SLAs and exceptions; escalate overdue items.
Manage patch verification and re-scan cycles; maintain a risk-accepted backlog with documented compensating controls.
Produce executive and operational reports (e.g., vulnerability backlog trend, Mean Time To Remediate, exposure by asset class).
Integrate vulnerability data into SIEM/SOAR/GRC for correlation and workflow automation where possible.
Security Compliance & Assurance
Plan and execute periodic compliance checks against internal security policies/standards and external frameworks (e.g., ISO/IEC 27001/2, NIST CSF, CIS Controls, PCI DSS, SOC 2, MAS/TRM/BNM-RMiT as applicable).
Perform control testing, evidence collection, sample-based reviews, and gap analysis; document findings and remediation plans.
Support internal/external audits and certification activities; coordinate with control owners for timely closure of audit observations.
Maintain policy-to-control-to-evidence mapping in GRC tools; ensure versioning and traceability.
IT Security Posture Management
Maintain and enhance security posture metrics (e.g., vulnerability exposure, hardening compliance, privileged access hygiene, endpoint protection coverage, configuration drift).
Oversee configuration baseline compliance (e.g., CIS benchmarks) for servers, endpoints, databases, cloud services, and network devices.
Contribute to secure configuration standards and review change requests for security impact.
Support risk assessments (systems, projects, vendors) and embed posture checks into onboarding and change processes.
Provide concise, actionable dashboards and briefings to leadership and technology stakeholders.
Collaboration & Governance
Support vulnerability remediation forums with Technology owners; drive issue resolution and risk decisions.
Work with AppSec, Cloud, IT Ops, and SOC/Threat Intelligence to prioritize remediation based on real-world threats and business context.
Develop SOPs, runbooks, and playbooks; deliver awareness and training to technical teams.
About You
Required Qualifications & Experience
Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent experience.
58 years in information security with strong experience in vulnerability management and security compliance.
Hands-on with enterprise vulnerability scanners (e.g., Tenable, Qualys, Rapid7), and experience with credentialed scanning.
Solid understanding of OS, network, cloud (AWS/Azure/GCP), and container security fundamentals.
Experience testing and evidencing controls against at least one framework (e.g., ISO 27001, NIST CSF, CIS, PCI DSS).
Familiarity with SIEM/SOAR, EDR, MDM, CMDB/asset management, patch management, and GRC platforms.
Preferred Certifications:
Security: CISSP, CISM, Security+, CySA+
Vulnerability/Blue Team: GMON, GCIH, GCDA, eJPT/eCPPT
Cloud & Compliance: CCSP, Azure/AWS security certs, ISO 27001 Lead Implementer/Auditor, PCI ISA
Key Skills
Strong analytical and risk-based prioritization skills; able to translate technical findings into business impact.
Proficient in reporting and creating meaningful dashboards for both exec and technical audiences.
Excellent stakeholder management, facilitation, and escalation handling.
Scripting/automation (e.g., Python/PowerShell), API integrations for data extraction and workflow automation (bonus).
Clear, concise communication and documentation.
#LA-RA1
What's Next
Once you have applied online, our team will review your application and due to a high volume of applications, only shortlisted candidates will be notified.
Job ID: 143121449
