IT Security – Application Security and Vulnerability Management

Responsibilities:

• Lead, mentor, and manage a team of penetration testers.
• Set clear objectives, track progress, and ensure quality deliverables.
• Foster collaboration and professional growth within the team.
• Apply a “trust, but verify” mindset to assess system integrity and identify potential risks.
• Conduct penetration testing on various applications, including, but not limited to web application, mobile application, API, and network/infrastructure. This may include internet-facing systems and internal systems.
• Collaborate with stakeholders to provide actionable recommendations for remediation, according to practices and standards.
• Investigate new tools, techniques, and technologies in the cybersecurity landscape.
• Interpret and utilize technical documentation, research papers, and industry reports to guide testing methodologies.
• Anticipating possible security threats and identifying areas of weakness in the proposed system, a security architect must be proactive to highlight the possible breaches of security.
• Prepare detailed reports and presentations for technical and non-technical audiences, articulating findings and recommendations effectively.
• Review and advise security solution architect for the proposed system such as: Network Segmentation, Application protection, Defense-in-depth, Remote Access, Encryption Technologies, Backup/Replication/Multiple Sites, Cloud/Hybrid/Multiple Cloud Vendors, Software Defined Networking, Network Function, Virtualization.
• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
• Ensure that IT systems and applications within the organization meet the needs of business while adhering to security best-practices, compliance and regulatory requirements
• Track and oversee closure of security risks including reviewing remediation plans and monitoring progress or remedial actions.
• Provide information security awareness training to organization personnel adhering to security best-practices, compliance and regulatory requirements.

Qualifications:

• Bachelor or Master’s degree in Computer Engineering, MIS, IT or a related field.
• At least 5 years experiences in cyber security area.
• Professional certificates related to work (e.g. OSCP, Pentest+, ISO 27001, OSCP, GPEN or similar general security certification) is desirable
• A positive, can-do attitude, who naturally expresses a high degree of empathy to others.
• Efficient communication and team-player skills.
• Strong intuition for identifying weaknesses and assessing the trustworthiness of systems.
• Proficiency in scripting languages (e.g., Python, PowerShell) and automation of testing workflows. Frida scripting is preferred
• Ability to learn new programming languages.
• Ability to read and interpret technical documentation, including API documentation, RFCs, and system configurations.
• Deep understanding of emerging threats, vulnerabilities, and attack techniques.
• Knowledge of International Security frameworks, Standards, Guidelines and Methodology eg, NIST-800, ISO 27001, OWASP, PCI-DSS, ISSAF, OSSTMM, and etc.
• Previous penetration testing experience and familiarity with commonly used tools and tactics.
• Experience with offensive security analysis tools and tactics.
• Strong cyber threat intelligence and information security experience in complex organizations
• Experience in system and application security management and control.
• Experience in facilitating information security risk assessments.
• Familiarity with cyber security threats, defenses, motivations and techniques.
• Familiarity with security concerns facing large enterprises.