Vulnerability Management (Offensive Security)

Kasikorn Technology Group Secretariat Co., Ltd.

Kasikorn Technology Group Secretariat Co., Ltd. (Pak Kret)

Nonthaburi, Thailand

KASIKORN Business - Technology Group (KBTG) KBank, as the digital banking leader, is readying for future changes and challenges by establishing KBTG, with the aim of boosting IT management and service efficiency, enhancing competitiveness amid global FinTech transitions, while maintaining business leadership

About this position

Vulnerability Management (Offensive Security) position at KBTG involves leading Red-Team engagements to identify and mitigate security vulnerabilities within the organization's IT systems, focusing on continuous monitoring and advanced penetration testing.

Responsibilities

• Take a leading role in Red-Team engagements by supervising and providing guidance in identifying and mitigating security vulnerabilities and threats within the organization's IT systems.
• This includes continuous monitoring, conducting advanced penetration testing, performing in-depth threat analysis, carrying out vulnerability assessments, and developing strategies and approaches, including automation, to minimize security risks.
• Understand and able to deliver end to end penetration testing or vulnerability assessment process.
• Able to recommend to improve vulnerability assessment and vulnerability management life cycle or able to identified and perform depth analysis in complex vulnerability.
• Able to perform advance penetration testing including application, mobile and network by using open source tools combine with commercial tools, less automation or design/advise solution to improve security assessment process to KGroup.
• Able to perform depth analysis and recommend team of mitigation control related to bank infrastructure and application with residual risk.
• Able to support to create automation in vulnerability assessment/vulnerability management process to reduce resource and improve capability.
• Able to communicate complex technical information to both technical and non-technical stakeholders.
• Coordinate with incident response team to support forensic investigation or lead to remediate urgent significant vulnerabilities.

Requirements

• Strong understanding of penetration testing and vulnerability assessment processes.
• Experience in recommending improvements to vulnerability management life cycles.
• Proficiency in advanced penetration testing across applications, mobile, and networks using both open source and commercial tools.
• Ability to perform in-depth analysis and recommend mitigation controls.
• Experience in creating automation for vulnerability assessment processes.
• Strong communication skills for conveying technical information to diverse stakeholders.
• Experience in coordinating with incident response teams.