About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation.
This in turn helps us to provide better support to our broad client base.
Delivering targeted and intelligence led security penetration testing and certifying SC platform builds through a robust testing methodology and process
Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex attacks, emulating malicious actor behaviour aimed at avoiding detection.
Responsible for operation of security penetration testing and internal tools, researching and analysing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
Maintain and evolve a mature set of security penetration testing and internal Red Team processes covering all areas of technology.
Scheduling / planning regulatory and nonregulatory related penetration testing activities
Deliver continuous improvement through process re-engineering, technology transformation, integration and exploitation to deliver optimised yet robust services to mitigate threats to the Bank
Manage and influence stakeholders in understanding risk exposure and containment measures from vulnerabilities the Bank could be exposed to.
ROLE SPECIFIC TECHNICAL COMPETENCIES : 1. Expert level :
Between 8 - 10 years of in-depth, hands-on working knowledge in security penetration testing, vulnerability management, technologies and Operational experience in a global environment.
Out of this a minimum of 3 years of professional experience as a lead penetration tester, reverse engineer, researcher or threat analyst / IR team member
2. Core Level :
Fundamental skills of Task prioritization, Time management, Customer focus.
Proven ability to manage diverse stakeholder expectations
3. Advanced level : Good working knowledge in :
The threat and vulnerability landscape including malware, emerging threats, attacks and vulnerability management
Security penetration testing and Red Team processes, technologies and industry frameworks (eg CREST)
Knowledge of tactics, techniques, and procedures that could be used for recon, persistence, lateral movement, and ex-filtration
Application, system and network exploitation or enumeration techniques utilized today ranging from injection, privilege escalation, buffer overflows, fuzzing, scanning
Programming languages such as C / C# / C++, Java, or Assembly and one / or more of the scripting languages, e.g. Perl, Python, PowerShell or shell scripting
Application, system and network exploitation or enumeration techniques utilized today ranging from injection, privilege escalation, buffer overflows, fuzzing and scanning
Writing and demonstrating proof of concept work from an exploitation or attack perspective
Building and employing modules and tailored payloads for common testing frameworks or tools
Networking topologies, protocol usage, and enterprise hardware including switches, routers, firewalls and their roles in security
Access control methodologies, network / host intrusion detection, vulnerability management tools, patch management tools, penetration testing tools, and AV solutions
Infiltration of physical systems such as social engineering, and hardware authentication bypass
Hardware hacking or building custom hardware for the purpose of exploitation
Excellent oral / written communication skills for articulating thoughts clearly with stakeholders ranging from engineers to senior business management
Basic experience in cloud security and a good understanding of DevSecOps principles including Continuous Integration / Continuous Deployment practices (CI / CD)
Experience in working with cross-border teams, preferably in the Financial Services industry.
Detailed oriented, Strong deductive reasoning, critical thinking and problem-solving skills
Ability to work in a fast-paced team environment
4. Entry Level :
Broad understanding of security related regulatory requirements from MAS, HKMA, RBI, PRA and DFSNY
Bachelor’s Degree in engineering, Computer Science / Information Technology or its equivalent.
Industry certifications will be a plus e.g. CISSP, SANS GIAC, GPEN, OCSP, CREST certifications