Experienced Associate Cyber Security

Conduct cybersecurity assessments, covering web application and mobile application penetration testing in accordance with OWASP Top 10 and CWE Top 25

• Conduct internalexternal network penetration testing to assess clients’ network security risks and evaluate clients’ cybersecurity controls

• • Perform network vulnerability assessments to identify potential issues against network access controls and network segmentation

  • • Engage in red teaming engagement projects and cyberattack simulation testing to assess clients’ cybersecurity strategies

    • • Engage source code reviews to identify potential logical errors in program flows, misconfigurations, and exploitable vulnerabilities in applications

      • • Research, collect and analyse cyber threat intelligence from threat actors

        • • Work actively in supporting and following up on proposal processing in accordance with client expectations on a crossborder and global multinational basis

          • • Continuously research and follow up on the latest IT security challenges and technologies (mobile, digital trust, IoT, cloud, blockchain etc.)

            • You are someone with:

              • Experience in web application development and software engineering

              • • Knowledge of common infrastructure and web application vulnerabilities and common vulnerability categorisations such as OWASP, CVSS

                • • Experience in security testing, including application testing, penetration testing, and vulnerability assessment

                  • • Experience in implementing network systems and deep understanding of common misconfigurations leading to security vulnerabilities in network systems

                    • • Ability to work under pressure and deliver quality work in tight timelines

                      • • Demonstrated experience of working with diverse stakeholders

                        • • Good communication and interpersonal skills

                          • • Willingness to take on new challenges, gain new skills and work collaboratively in a dynamic and rapidly growing team

                            • • Training on selfdevelopment platforms (TryHackMe, HackTheBox, PentesterLabs, PortSwigger Web Security Academy, etc.)

                              • Preferred:

                                • Thorough understanding of common software security vulnerabilities (CWE Top 25 Most Dangerous Software Weaknesses)

                                • • Experience of conducting red teaming engagements and cyberattack simulation testing

                                  • • Demonstrated knowledge of penetration testing across several domains such as cloud and container security, applied cryptography, networks infrastructure, etc.

                                    • • Knowledge of developing hacking scriptstools

                                      • • Knowledge of secure development andor DevSecOps experience, including experience in securing code before deployment, code review, and vulnerability and dependency management

                                        • • Experience in bug bounty programs or CVE hunting is an advantage

                                          • • Preference will be given to candidates who hold one of the following industry certifications: OSCP, OSWA, eWPT, eCPPT, CRTP, PNPT, CREST CRTCCT, or equivalent

                                            • • Preference will be given to candidates who hold relevant cloud certifications: AWS, Azure, GCP

                                              • • Strong preference will be given to candidates who hold one of the following industry certifications: OSWE, OSEP, OSCE, CRTO, CRTE, eCPTX, eWPTX, SANS

                                                • Education (if blank, degree andor field of study not specified)

                                                  DegreesField of Study required:

                                                  DegreesField of Study preferred:

                                                  Certifications (if blank, certifications not specified)

                                                  Required Skills

                                                  Optional Skills

                                                  Accepting Feedback, Accepting Feedback, Active Listening, Agile Methodology, Azure Data Factory, Communication, Cybersecurity, Cybersecurity Framework, Cybersecurity Policy, Cybersecurity Requirements, Cybersecurity Strategy, Emotional Regulation, Empathy, Encryption Technologies, Inclusion, Intellectual Curiosity, Managed Services, Optimism, Privacy Compliance, Regulatory Response, Security Architecture, Security Compliance Management, Security Control, Security Incident Management, Security Monitoring {+ 3 more}

                                                  Desired Languages (If blank, desired languages not specified)

                                                  Travel Requirements

                                                  Available for Work Visa Sponsorship?

                                                  Government Clearance Required?

                                                  Job Posting End Date