Senior Associate - Cyber Security
- Hà Nội
- Permanent
- Full-time
● Work in a highly innovative and transformative business
● Work/life balance with access to flexible work arrangements
● Salary packaging – to suit your personal and financial circumstances
● Professional certification sponsorship – to develop your talent and enhance knowledge
Responsibilities:
- Lead the team in cybersecurity assessments, covering web application and mobile application penetration testing in accordance with the OWASP Top 10 framework and the CWE Top 25 most dangerous software weaknesses
- Lead the team in network penetration tests and vulnerability assessments to identify potential issues against network access control and network segmentation
- Conduct source code reviews to identify potential logical errors in program flows, misconfigurations, and exploitable vulnerabilities in the applications
- Conduct red teaming engagements and cyber-attack simulation testing to assess clients’ cybersecurity strategies
- Research, collect and analyse cyber threat intelligence from threat actors
- Engage in establishing network infrastructure for red teaming activities, including but not limited to command & control ("C2") servers, SMTP relay mail servers, web servers, and reverse proxies
- Design and launch phishing attacks to generate reports for increasing awareness of employees regarding different types of phishing techniques
- Provide pragmatic recommendations on the identified risks
- Deliver both management-level and detailed technical reporting of observations, along with assisting in giving presentations to both technical and business stakeholders
- Deliver complex Cybersecurity consulting and engineering projects involving diverse technologies, and multidisciplinary delivery teams and stakeholder groups
- Collaborate with clients, colleagues, and technology alliance partners on identifying and developing solutions for assessing and enhancing cyber security operations
- Engage with threat intelligence, hunting, and incident response activities to keep up to date with trends in technology, security, and the threat landscape
- Train, coach and mentor junior team members
- Lead day-to-day delivery activities, including client and internal communication management, as well as technical quality control
- Work actively in supporting and following up on proposal processing in accordance with client expectations on a cross-border and global multinational basis
- Continuously research and follow up on the latest IT security challenges and technologies (mobile, digital trust, IoT, cloud, blockchain etc.)
- 3+ years of proven experience in conducting either network and infrastructure or web/API or mobile application penetration testing, and the ability to independently manage engagement delivery
- Experience in leading and supervising engagement teams in penetration testing and vulnerability assessment projects
- Thorough understanding of common infrastructure and web application vulnerabilities and common vulnerability categorisations such as OWASP and CVSS
- Knowledge of common software security vulnerabilities (CWE Top 25 Most Dangerous Software Weaknesses)
- Experience in penetration testing and vulnerability assessment across one of the following domains: web and mobile applications, cloud and container security, reverse engineering, applied cryptography, network infrastructure, etc.
- Ability to work under pressure and deliver quality work in tight timelines
- Demonstrated experience of working with diverse stakeholders
- Excellent communication and interpersonal skills
- Willingness to take on new challenges, gain new skills and work collaboratively in a dynamic and rapidly growing team
- One of the following industry certifications: OSCP, OSWA, eWPT, eCPPT, CRTP, PNPT, CREST CRT/CCT, or equivalent
- Experience in conducting red teaming engagements and cyber-attack simulation testing
- Experience in developing hacking scripts/tools
- Secure development and/or DevSecOps experience, including experience of securing code before deployment, code review, and vulnerability and dependency management
- Ability to communicate strategic information security topics, policies, and standards as well as risk-related concepts to technical and non-technical audiences
- Experience in bug bounty programs or CVE hunting is an advantage
- Preference will be given to candidates who hold relevant cloud certifications: AWS, Azure, GCP
- Strong preference will be given to candidates who hold one of the following industry certifications: OSWE, OSEP, OSCE, CRTO, CRTE, eCPTX, eWPTX, SANS
- Strong preference will be given to candidates who hold one of the following professional certifications: CISSP, CCSP, CSSLP, CISM, CRISC, PMP