Experienced Associate Cyber Security

Responsibilities: 

• Conduct cybersecurity assessments, covering web application and mobile application penetration testing in accordance with OWASP Top 10 and CWE Top 25  

• Conduct internal/external network penetration testing to assess clients’ network security risks and evaluate clients’ cybersecurity controls 

• Perform network vulnerability assessments to identify potential issues against network access controls and network segmentation  

• Engage in red teaming engagement projects and cyber-attack simulation testing to assess clients’ cybersecurity strategies 

• Engage source code reviews to identify potential logical errors in program flows, misconfigurations, and exploitable vulnerabilities in applications  

• Research, collect and analyse cyber threat intelligence from threat actors  

• Work actively in supporting and following up on proposal processing in accordance with client expectations on a cross-border and global multinational basis  

• Continuously research and follow up on the latest IT security challenges and technologies (mobile, digital trust, IoT, cloud, blockchain etc.)  

You are someone with:  

• Experience in web application development and software engineering 

• Knowledge of common infrastructure and web application vulnerabilities and common vulnerability categorisations such as OWASP, CVSS 

• Experience in security testing, including application testing, penetration testing, and vulnerability assessment 

• Experience in implementing network systems and deep understanding of common misconfigurations leading to security vulnerabilities in network systems 

• Ability to work under pressure and deliver quality work in tight timelines  

• Demonstrated experience of working with diverse stakeholders 

• Good communication and interpersonal skills 

• Willingness to take on new challenges, gain new skills and work collaboratively in a dynamic and rapidly growing team 

• Training on self-development platforms (TryHackMe, HackTheBox, PentesterLabs, PortSwigger Web Security Academy, etc.) 

Preferred: 

• Thorough understanding of common software security vulnerabilities (CWE Top 25 Most Dangerous Software Weaknesses) 

• Experience of conducting red teaming engagements and cyber-attack simulation testing 

• Demonstrated knowledge of penetration testing across several domains such as cloud and container security, applied cryptography, networks infrastructure, etc. 

• Knowledge of developing hacking scripts/tools 

• Knowledge of secure development and/or DevSecOps experience, including experience in securing code before deployment, code review, and vulnerability and dependency management 

• Experience in bug bounty programs or CVE hunting is an advantage 

• Preference will be given to candidates who hold one of the following industry certifications: OSCP, OSWA, eWPT, eCPPT, CRTP, PNPT, CREST CRT/CCT, or equivalent  

• Preference will be given to candidates who hold relevant cloud certifications: AWS, Azure, GCP 

• Strong preference will be given to candidates who hold one of the following industry certifications: OSWE, OSEP, OSCE, CRTO, CRTE, eCPTX, eWPTX, SANS