Job Code

JD-20246

JOB DESCRIPTION

Skills / Competencies • The incumbent should preferably have 3-5 years of experience in a Banking industry or similar environment, e.g., a demanding service industry where employees are able to work under pressure. • 3-5 years' experience in at least three of the following:  Shell scripting or automation of simple tasks using Perl, Python, or Ruby  Developing, extending, or modifying exploits, shellcode or exploit tools is a bonus  Reverse engineering malware, data obfuscators, or ciphers  Source code review for control flow and security flaws  Hands on experience with popular security tools – Tenable.SC, Nessus, Burpsuite, Netsparker, Metasploit, KALI Linux • Be fluent with common security vulnerabilities, design and configuration flaws, and security best practices. • Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) • Self-starter and ability to deliver under defined timelines • Highly self-motivated and directed • Ability to act calmly and competently in high-pressure, high-stress situations and Standby • Ability to document and explain technical details in a concise, understandable manner

Experience Required

3 - 5 Years

Industry Type

IT

Employment Type

Permanent

Location

Malaysia

Roles & Responsibilities

Job Description: • Conduct Vulnerability Assessments (VA) of identify Information Asset using Tenable.SC and/or other open source and/or commercial tools per Compliance Calendar and Ad- hoc request. • Map out a network, discover ports and services running on the different exposed Information Asset. • Whenever require, conduct penetration test and launch exploits using Tenable.SC, Nessus, Metasploit and/or KALI Linux distribution tools sets. • Analyze scan reports and suggest remediation / mitigation plan. • Manage and participate in all stages of a Vulnerability Management including planning, scanning, remediation, tracking and provide guidance or reference when needed. • Prepare report to Remediation Team, non-technical audience and executive management highlighting outcomes of security assessment exercises and recommendations. • Support compliance objectives: provide guidance and relevant artefacts whenever needed. • Define and develop agenda for training and educating security professionals on VA relevant topics and/or other Threat and Vulnerability Management (TVM) domains. • Improve, update and maintain VA scanning documentation including SOP, Guidelines, Playbook and/or Work Instruction. • Involve in ORR and support the exercise until the sign-off.

Expertise & Qualification

Skills / Competencies • The incumbent should preferably have 3-5 years of experience in a Banking industry or similar environment, e.g., a demanding service industry where employees are able to work under pressure. • 3-5 years' experience in at least three of the following:  Shell scripting or automation of simple tasks using Perl, Python, or Ruby  Developing, extending, or modifying exploits, shellcode or exploit tools is a bonus  Reverse engineering malware, data obfuscators, or ciphers  Source code review for control flow and security flaws  Hands on experience with popular security tools – Tenable.SC, Nessus, Burpsuite, Netsparker, Metasploit, KALI Linux • Be fluent with common security vulnerabilities, design and configuration flaws, and security best practices. • Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) • Self-starter and ability to deliver under defined timelines • Highly self-motivated and directed • Ability to act calmly and competently in high-pressure, high-stress situations and Standby • Ability to document and explain technical details in a concise, understandable manner