Offensive Security Officer
Job Summary:
Plan and document test methodologies, and perform penetration testing or ethical hacking of network infrastructure and application systems, including mobile applications, operating stealthily and without being detected, in order to identify potential security weaknesses in the system. Collaborate with ITG developers by communicating the back doors and security weaknesses identified and providing input on correcting the security flaws. Establish red team procedures for conducting red team exercises.
Specific Duties & Responsibilities:
- Perform threat analysis, wireless network assessments, and social-engineering assessments including physical security assessments to develop test scenarios.
- Conduct network and system security scans. Perform manual and automated hacking techniques on network infrastructure, computer systems, web and mobile applications. Search for weaknesses and recommend corrective measures to prevent potential attacks.
- Evade intrusion prevention systems, intrusion detection systems, firewalls, and honeypots to ensure they are effective and reinforced when necessary.
- Identify methods and entry points that attackers may use to exploit vulnerabilities or weaknesses.
- Develop abuse cases and testing methods to identify vulnerabilities in business logic. Develop/update scripts/tools to enhance penetration testing processes.
- Research, evaluate, document and discuss findings with IT teams and management. Collaborate with IT teams to remediate the vulnerabilities.
- Effectively communicate findings and remediation strategy to stakeholders. Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
- Review, verify and provide feedback on information security fixes.
- Establish improvements for existing security services, including hardware, software, policies and procedures.
- Observe business continuity and its operations when performing testing (i.e. minimize downtime and loss of employee productivity).
- Stay updated on the latest malware and security threats.
- Assist in cyber security investigations.
- Recognize the safe utilization of attacker tools, tactics, and procedures.
- Keep abreast of the latest attack vectors, hacking methods, ethical hacking/pen testing techniques and new penetration testing tools.
- Analyze security policies and configurations for effectiveness against an attack and make necessary suggestions on security policy and configuration improvements.
- Proactively work with the Department Head in implementing programs for the continuous improvement of the bank’s information security plans and strategies.
- Perform other information security governance, risk and compliance related duties and responsibilities as directed by the Department Head.
Job Specifications:
- Graduate of any college degree program in Computer Science, Information Security, Cybersecurity or a related technical field of expertise.
- Strong understanding of vulnerabilities and common attack vectors, and an attacker mindset: the ability to think about creative threats and attack vectors.
- Full knowledge and understanding of OWASP Top 10 Application Security best practices.
- Certifications may include SANS GPEN, GWAPT, OSCP, CEH or equivalent.
- Technical knowledge and experience in ethical hacking.
- Advanced computer skills – extensive computer skills and an understanding of networking fundamentals, including forensics, reverse engineering, web applications, databases, and wireless technologies.
- Scripting and programming – scripting skills to infiltrate any system.
- Clear understanding of how computer security breaches can disrupt business, including the financial implications.
- Highly analytical with exceptional problem-solving skills.
- Results-oriented, with a disposition toward corrective action that drives remediation and reduces the risk exposure of the bank.
- Good teamwork and collaboration skills: a good team player with the ability to lead security initiatives.
- Good written and verbal communication skills: able to articulate and explain complex security topics effectively in simple language and easy-to-understand concepts.
- Excellent time management skills and the ability to thrive in a fast-paced, demanding environment.
- Be a self-managed, self-starter with good organizational skills.