Audit Cybersecurity Assurance Specialist (Penetration Tester)
เกี่ยวกับตำแหน่งนี้
Jago is a fully digital bank that leverages modern technology to provide innovative and reliable financial services. As a Cybersecurity Assurance Specialist, you will play a critical role in ensuring the cybersecurity health of the organization while collaborating with a diverse team to address relevant challenges.
หน้าที่รับผิดชอบ
• Participates in a broad range of review and assurance activities to assess the cybersecurity posture of the Bank and identify control weaknesses.
• Perform ethical hacking activities (e.g., mobile/web application pentest, infrastructure testing, including custom assessments etc.) as part of the cyber security audit, and design attack scenarios for state-of-the-art technologies.
• Work closely with security experts from multiple industries to improve their solutions by tackling the root cause of the issues and find innovative solutions to modern challenges.
• Highlight important observations, translate technical findings into management information so that they can take effective actions.
• Validate appropriate implementation of cybersecurity controls.
• Conduct research on latest developments in IT security technologies and threats.
• Acts as a trusted advisor to the IT / Cybersecurity organization and management.
คุณสมบัติ
• 5 years of working experience as Information Security Specialist, Pentester or IT Auditors.
• Experience with one or more of the following aspects: application and software security, blue / red teaming, industrial security controls, network security, IT operations, penetration testing, risk and vulnerability assessment, investigative techniques, authentication and access management systems, etc.
• Demonstrated experience in capture the flag (CTFs) events, bug hunting or vulnerability research (CVEs) is a plus.
• Professional security certification(s) such as CISA, CISSP, OSCP, GIAC will be an advantage.
• Experience with security penetration testing tools e.g. Nessus, Metasploit, Burp Suite etc.
• Experience with various operating systems i.e.: Linux, Unix, Windows, as well with languages like Bash, Python, Ruby, Powershell, Java, and C++ / C# etc.
• Knowledge on standard and advanced defense & remediation techniques and processes (i.e. OWASP, NIST, ATT&CK).
• Practical experience on DevSecOps tools like Puppet, Jenkins, Git, Docker, or Kubernetes, SAST, DAST, etc.