Line of Service

Advisory

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Manager

Job Description & Summary

A career in our Security Architecture practice, within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. You’ll play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats.

In joining, you’ll be a part of a team that helps organisations design and create sustainable security solutions to provide foundational capabilities and operational discipline through a focus on enterprise requirements and prioritisation, Information Technology security architecture, and the software development lifecycle.

Job Responsibilities:

Manage, direct and deliver cyber-attack simulations as part of the RED team activityManage, direct and deliver Vulnerability Assessment (VA) and Penetration Testing (PT) and configuration review for network, web, mobile and thick-client applications, APIs, POS etcManage, direct and deliver source-code review using automated and manual approaches, review results to eliminate false positivesManage, direct and deliver configuration reviews for OS , DB, Firewall, routers, switches and other security devices/componentsPerform and deliver gap analysis and assessments based on standards, guidelines, notices, circulars (eg., ISO27K1, MAS TRM, HKMA etc)Prepare and review detailed reports and ensure timely delivery of status updates and final reports to clients

Provide technical guidance with respect to the development and execution of our key application security service offerings, including:

conducting assessments of applications (web, cloud, mobile, API) using range of manual and automated source code review techniques;performing security architecture reviews and risk assessments for applications in design and production phases;identifying potential threats and attacks to applications systems through threat modeling;identifying security recommendations and aligning them to appropriate risk ranking systems;integrating application security tools and process in pipeline;agile penetration testing; evaluating, developing, enhancing and/or running application security programs for our clients;conducting the above with a specific focus on DevSecOps.Manage client stakeholders, provide project status updates, discuss findings and explain recommendationsWork with clients to analyze, evaluate, and enhance the effectiveness of their application/product security posture at procedural and technological levels from design to deployment.Keep abreast of the latest IT Security news, exploits, hacks

Essential Skills:

Manage projects, team members and client stakeholders for successful deliveryManage project economicsThorough and practical knowledge of OWASP, network protocols, data on the wire, and covert channelsHands on experience with popular security tools – Nmap, Nessus, Kali, Metasploit, BurpSuite, Netsparker, OWASP CSRF Tester, Fortify/Checkmarx, SonarQube, Synopsys, SQLite browser, DrozerWorking knowledge of manual testing of web applicationsUnderstands Software Development Life Cycle and SOAP, REST and GraphQL APIsSkills in performing VAPT for Web applications, Mobile applications, APIs, Network infrastructure, Thick client applicationsGood knowledge of modifying and compiling exploit codeGood understanding and knowledge of codes languagesHas practical experience in auditing various OS, DB, Network and Security technologiesStrong understanding Unix/Linux/Mac/Windows, operating systems, including bash and Powershell

Experience in at least three of the following:

Set up and operate red team infrastructurePerform targeted, covert penetration tests with vulnerability identification, exploitation, and post-exploitation activitiesEmail, phone, or physical social-engineering assessmentsDeveloping, extending, or modifying exploits, shellcode or exploit toolsReverse engineering malware, data obfuscators, or ciphersStrong credentials in wireless, web application, and network security testingFamiliar with MITRE ATT&CK framework and D3FEND matrix

Educational Requirements & Experience

Bachelors in Computer Science/IT/Electronics Engineering or equivalent University degree.Minimum of 5-7 years of experience in the managing and delivering security tests and compliance review projects.Certifications: CREST CRT, CREST CPSA, Offensive Security Certified Professional (OSCP), GIAC Certified Web Application Defender (GWEB)Other Certifications: OSWP, BSCP, Certified Red Team Professional

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required: Bachelor of Science - Information Technology

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

No

Government Clearance Required?

Yes

Job Posting End Date