Job Description :
Information Security – Cyber Security Analyst
Key Skillset: Information Security Testing with Penetration Testing, Exploit Development, Vulnerability Research, Fuzzing, TCP/IP, C/C++/C#/ASM
Requirements:
• 8+ years of Information Security experience.
• 5+ years direct or equivalent experience in areas of red teaming, penetration testing, exploit development, vulnerability research and fuzzing.
• Possess excellent communication skills in English, both written & verbal as well as ability to apply critical reading/thinking skills.
• Strong background and knowledge of ethical hacking principles, penetration testing principles, tools and techniques.
• Hands on experience in cyber-attack stages (e.g. reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, cover tracks).
• Additional exposure to threat behaviour mimicking techniques as well as social engineering techniques. (eg., phishing, baiting, tailgating, etc.).
• Understanding of Mitre ATT&CK Framework • Coding experience in one of these supported language (C/C++, C#, Python).
• Familiar with the Metasploit framework.
Desired Qualifications Candidates possessing the following will be given preferential consideration:
• Bachelor of Science in Computer Science, Computer Engineering, or Electrical Engineering or a related technical field or equivalent professional experience.
• Have published security research or security advisories.
• Possess excellent communication skills in English, both written and verbal.
• Ability to apply critical reading/thinking skills.
• Technical Cybersecurity Certification via recognized bodies such as CISSP, Offensive Security Certified (OSCP/OSCE/OSEE), SANS Certified (GXPN/GWAPT/GPEN).
Key Responsibilities:
• Lead or participate in authorized exploitation or penetration activities in support of internal requirements & objectives for new or updated applications as well as organization’s enterprise assets.
• Collaborate with other internal and external supporting groups on target access and operational issues. Communicate new developments, breakthroughs, challenges and lessons learned to stakeholders.
• Provide technical expertise and advice on all areas of security technology, including network security, platform security, authentication/authorization systems, application security, security architecture, policy enforcement, and security frameworks.
• Participate in activities to develop comprehensive exploitation strategies & tools to assist in exploitation techniques, vulnerability research, exploit development and operational use.
• Regular review of cybersecurity and privacy principles against organizational requirements as well as communicate & report findings, concepts or ideas in an organized manner via documentations, presentations and/or other means. (relevant to confidentiality, integrity, availability, authentication, non-repudiation).