- Implement and maintain new Vulnerability Assessment (VA) scan infrastructure in Commercial Cloud
- Perform security monitoring and security incident response related to VA scan infrastructure hosted in the Commercial Cloud with relevant IHIS teams
- Schedule Vulnerability Assessment scan (include OS & Applications) with enterprise tools on quarterly basis for all Public Healthcare systems, including VA rescan
- Perform vulnerability scan for specific vulnerabilities (CVE) based on directive from MOH or CSA within an allowed scan window using agent or scan credential account
- Perform compliance scan against prevailing hardening standards, and also develop/maintain hardening scan template
- Perform network discovery scan to identify all devices on the corporate network.
- Perform half-year reconciliation of IT assets managed by IHIS with IT assets on-boarded in VA infrastructure
- Perform vulnerability scan from outside-in approach against Internet zone
- Customisation of Dashboard/Spreadsheet to facilitate tracking of remediation for VA findings
- Troubleshooting of failed VA scan jobs
- Provide guidance to on fixing the vulnerability
- Prepare periodic status reports for presentation to management
- Perform monthly scan policy audits and reviews
- Prepare monthly capacity usage report and compliance governance based on policy
- Document process and SOPs related to Vulnerability Scanning and operations
- Work closely with incident response team for incident investigation and also provide status updates during the life cycle of an security incident
- Review and improve the different incident response playbooks periodically
x
