Offensive Security Consultant

Location Vietnam
Industry Information & Communications Technology (ICT)
Job reference 15744
Job type Permanent
Salary 60.000.000 - 80.000.000
Consultant email bao.luu@manpower.com.vn
Date posted Mar 25, 2024
JD - Offensive Security Consultant

I. Purpose:

• Offensive Security is set up to execute scope-defined and threat/scenario-based testing against the bank's People, Processes, and Technology. The team is made up of both a traditional penetration testing capability and red teaming.
• Offensive security testing (‘testing’) is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit. This testing is executed using a combination of automated tools and manual testing.
• This role exists to provide offensive security testing services to a wide range of the company’s products and services, identifying security weaknesses and exposures that pose a risk to the enterprise.

II. Core Responsibilities:

• Work with project stakeholders to identify assets and define test scopes – evaluating the breadth and depth on which testing should take place based on varying factors;
• Execute penetration tests, either in a team or individually, to identify vulnerabilities and weaknesses that could impact bank systems, including testing of web applications, mobile applications, web APIs, infrastructure, cloud technologies, and hardware;
• Triage vulnerabilities and justify risk in alignment with common vulnerability scoring systems, considering the environment and context;
• Report testing results to key project stakeholders in varying formats (i.e. traditional report, bug tickets), including verbal communication;
• Be involved with internal projects and initiatives to uplift team capabilities;
• Provide QA reviews for testing scopes and reports from your peers to ensure high quality and accuracy of testing;
• Work with larger technical programs across the bank to understand and construct testing requirements;
• Where required, work as an embedded penetration tester on large programs;
• Assist with other offensive security activities within the team (e.g. red team activity);
• Self-manage security testing projects from end-to-end;
• Participate in ‘run the business’ activities, such as maintenance and uplift of the penetration testing environment.

III. Requirements:

• Experience testing various technologies and platforms, including but not limited to: web applications, web APIs, mobile applications (iOS, Android), network and server technologies, cloud services (AWS, Azure), and hardware;
• Experience writing and conveying complex security findings through reports;
• At least 3 years as a penetration tester;
• Experience working with large corporations;
• A comprehensive understanding of Penetration Testing frameworks and methodologies (OWASP, OSSTMM, WAHH);
• Methodical, analytical approach with outstanding attention to detail. The ability to construct and execute testing within a controlled environment that complies with methodologies, policies, and best practice;
• A clear understanding of both manual and automated penetration testing techniques, including knowledge of common penetration testing tools and the impacts they have on systems;
• A good understanding of risk mitigation strategies when working in highly sensitive environments;
• Proven ability to work both individually and within a team environment (at times with little guidance), build strong relationships and maintain rapport with internal stakeholders and 3rd party service providers;
• Strong team working skills are essential;
• Excellent verbal and written communication skills;
• Ability to attend to the detail on multiple concurrent tasks while meeting various deadlines;
• Ability to work semi-autonomously and organise/prioritise own work schedule on a short-term basis;
• Proven ability to develop scripts and tools to enhance manual processes and existing tooling.