Certification: Active OSCP certification is mandatory. Candidates without a valid OSCP or an equivalent hands-on certification (e.g., OSEP, CPTS) will not be considered.
Experience: 5+ years in offensive security, penetration testing, or vulnerability management.
Autonomy: Proven track record of building security processes from scratch in environments where they were the sole security expert.
...
Support and execute information security plans and policies, while conducting penetration tests and code scans both before and after system implementations.
Install, monitor, and investigate cybersecurity systems to actively mitigate risks and stop security breaches in their tracks.
Maintain and fine-tune the performance of critical corporate cyber defense systems, including Firewalls, ATP, IPS, and internet access rules.
...
Provide technical support to end-users on security incidents and configurations under the guidance of senior security engineers.
Assist senior security engineers with tasks like implementing and maintaining security controls.
Learn to analyze security logs and identify potential threats, with the opportunity to utilize scripting to automate tasks as you develop your skills.
...
Assist the Functional Area Head in the execution of the approved audit plan / other assignments and in coaching team members.
Develop audit plans to assess the adequacy of cybersecurity controls designed to protect sensitive data and systems from internal and external threat, identify gaps and provide recommendations for improvements.
Perform cybersecurity audits including audits of security programs, vulnerability assessments, network security, incident response, access management and third party risk management.
...
Certification: Active OSCP certification is mandatory. Candidates without a valid OSCP or an equivalent hands-on certification (e.g., OSEP, CPTS) will not be considered.
Experience: 5+ years in offensive security, penetration testing, or vulnerability management.
Autonomy: Proven track record of building security processes from scratch in environments where they were the sole security expert.
...
Conduct penetration tests and vulnerability assessments on components including, but not limited to, web & mobile applications, servers, networks, databases and technological devices.
Participate and take lead in client projects in delivering cyber security professional services including consultancy and advisory.
Perform cyber security evaluations and cyber security audits in accordance to international standards.
...
Lead/assist and participate in Information Security audit and Risk Management by using various Information Security framework (PCI DSS v4.0, ISO/IEC 27001:2022, NIST, Cobit and etc), including audit scoping, evaluation, testing, reporting and issue follow-up.
Conduct audit and risk on various processes, technologies, and platforms, such as UNIX, Windows, DBMS (SQL, Oracle, DB2), AD, AS/400, Network and etc.
Identify technology risks and recommend appropriate controls based on risk level, business requirements, and feasibility of implementation.
...
Conduct penetration tests and vulnerability assessments on components including, but not limited to, web & mobile applications, servers, networks, databases and technological devices.
Participate and take lead in client projects in delivering cyber security professional services including consultancy and advisory.
Perform cyber security evaluations and cyber security audits in accordance to international standards.
...
Maintaining of security solution including Splunk, Imperva and etc. (Task including compliance to patch and obsolescence framework requirement, UAMR etc.)
Ensure events / logs from all relavant devices are sending to SIEM solution in a complete and accurate manner
To produce monthly SIEM system health report (completeness and accurate)
...