Senior Specialist, Security Penetration Testing

Job Description

*About Standard Chartered We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.To us, good performance is about much more than turning a profit. Its about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.Were committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.RESPONSIBILITIES:

• Delivering targeted and intelligence led security penetration testing and certifying SC platform builds through a robust testing methodology and process
• Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex attacks, emulating malicious actor behaviour aimed at avoiding detection.
• Responsible for operation of security penetration testing and internal tools, researching and analysing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
• Maintain and evolve a mature set of security penetration testing and internal Red Team processes covering all areas of technology.
• Scheduling/planning regulatory and nonregulatory related penetration testing activities
• Deliver continuous improvement through process re-engineering, technology transformation, integration and exploitation to deliver optimised yet robust services to mitigate threats to the Bank
• Manage and influence stakeholders in understanding risk exposure and containment measures from vulnerabilities the Bank could be exposed to.

ROLE SPECIFIC TECHNICAL COMPETENCIES:1. Expert level:

• Between 8 - 10 years of in-depth, hands-on working knowledge in security penetration testing, vulnerability management, technologies and Operational experience in a global environment. Out of this a minimum of 3 years of professional experience as a lead penetration tester, reverse engineer, researcher or threat analyst / IR team member

2. Core Level:

• Fundamental skills of Task prioritization, Time management, Customer focus.
• Proven ability to manage diverse stakeholder expectations

3. Advanced level:Good working knowledge in:

• The threat and vulnerability landscape including malware, emerging threats, attacks and vulnerability management
• Security penetration testing and Red Team processes, technologies and industry frameworks (eg CREST)
• Knowledge of tactics, techniques, and procedures that could be used for recon, persistence, lateral movement, and ex-filtration
• Application, system and network exploitation or enumeration techniques utilized today ranging from injection, privilege escalation, buffer overflows, fuzzing, scanning
• Programming languages such as C /C# / C++, Java, or Assembly and one/or more of the scripting languages, e.g. Perl, Python, PowerShell or shell scripting
• Application, system and network exploitation or enumeration techniques utilized today ranging from injection, privilege escalation, buffer overflows, fuzzing and scanning
• Writing and demonstrating proof of concept work from an exploitation or attack perspective
• Building and employing modules and tailored payloads for common testing frameworks or tools
• Networking topologies, protocol usage, and enterprise hardware including switches, routers, firewalls and their roles in security
• Access control methodologies, network / host intrusion detection, vulnerability management tools, patch management tools, penetration testing tools, and AV solutions
• Infiltration of physical systems such as social engineering, and hardware authentication bypass
• Hardware hacking or building custom hardware for the purpose of exploitation
• Excellent oral/written communication skills for articulating thoughts clearly with stakeholders ranging from engineers to senior business management
• Basic experience in cloud security and a good understanding of DevSecOps principles including Continuous Integration/Continuous Deployment practices (CI/CD)
• Experience in working with cross-border teams, preferably in the Financial Services industry.
• Detailed oriented, Strong deductive reasoning, critical thinking and problem-solving skills
• Ability to work in a fast-paced team environment

4. Entry Level:

• Broad understanding of security related regulatory requirements from MAS, HKMA, RBI, PRA and DFSNY

QUALIFICATIONS:

• Bachelor s Degree in engineering, Computer Science/Information Technology or its equivalent.
• Industry certifications will be a plus e.g. CISSP, SANS GIAC, GPEN, OCSP, CREST certifications

Apply now to join the Bank for those with big career ambitions.To view information on our benefits including our flexible working please visit our career pages . We welcome conversations on flexible working.,

Keyskills :
active directorytroubleshootingenvironmentwindowsslaproof of conceptred teamtesting toolscloud securityproblem solvingtime management