Security Assurance Specialist (Vendor)

Roles & Responsibilities:

• To check the phased development and execution of relevant risk mitigation activity in liaison with A&R and ongoing evolution to aid ability to assess the effectiveness of company’s compliance program elements.
• To execute advanced penetration testing on network, web applications, mobile applications, servers, and services to identify possible attack areas and proactively shore up those weaknesses before exploitation by hackers.
• To evaluate business risk of reported vulnerabilities from different programs, including internal pen-test, external pen-test, and bug bounty programs.
• To ensure action toward security deficiencies through the documentation of findings, monitoring the remediation, and validating closure to increase the security maturity of the security program and reduce overall risk.
• To support the team in development of technical frameworks, tools and execution of security tests, red-teaming assessments and adversary emulation engagements.
• To exercise “Purple teaming” in collaboration with the Security Operation Center team to deliver more tailored, realistic assurance to the company.
• To review security artifacts and assess both the technical and functional adequacy of the cyber security/information assurance controls.
• To ensure security programs comply with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings.
• To check production systems continuously in accordance with defined security controls and fix security bugs based on defined SLA and OLAs.
• To ensure all changes that can impact security and introduce security bugs go through security tests.
• To support the manager in conducting monthly vulnerability assessments to identify control weaknesses, assess the effectiveness of existing controls, and recommend remedial action.
• To regularly assess compliance and audits against approved standards and policies and follow fixing non-compliance items.
• To ensure all new products and services are compliant against defined standards and policies and have been tested before going live.
• To provide regular reports on vulnerability, security logs for unusual events, and compliance status of all systems and services effectively and efficiently.

Job Requirements:

• Bachelor’s Degree in Technology Systems (Telecommunication Management / Information Technology) or related discipline
• Related certification is added advantage, such as:
• Certified Ethical Hacker (CEH)
• Offensive Security Web Assessor (OSWA)
• EC-Council Certified Security Analyst (ECSA)
• Burp Suite Certified Practitioner (BSCP)
• Minimum of 3 years of experience in technical/risk-based security roles; with experience in supervising others.
• Experienced in network, web and mobile application penetration test
• Broad experience of cyber security risk assessment methodologies
• Strong technical proficiency in all major operating systems, especially Linux and Windows
• Proficiency reading and writing exploit codes
• Having actively participated in bug bounty programs, along with a proven track record of discovering and responsibly disclosing vulnerabilities, would be a favorable attribute in this context.