About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation.
This in turn helps us to provide better support to our broad client base.
RESPONSIBILITIES :
Delivering targeted and intelligence-led security penetration testing and certifying SC platform builds through a robust testing methodology and process
Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex attacks, emulating malicious actor behaviour aimed at avoiding detection.
Responsible for operation of security penetration testing and internal tools, researching and analysing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
Maintain and evolve a mature set of security penetration testing and internal Red Team processes covering all areas of technology.
Scheduling / planning regulatory and non-regulatory related penetration testing activities
Deliver continuous improvement through process re-engineering, technology transformation, integration and exploitation to deliver optimised yet robust services to mitigate threats to the Bank
Manage and influence stakeholders in understanding risk exposure and containment measures from vulnerabilities the Bank could be exposed to.
ROLE SPECIFIC TECHNICAL COMPETENCIES :
1. Expert level :
Between 8 - 10 years of in-depth, hands-on working knowledge in security penetration testing, vulnerability management, technologies and operational experience in a global environment.
Of this, a minimum of 3 years of professional experience as a lead penetration tester, reverse engineer, researcher or threat analyst / IR team member
2. Core Level :
Fundamental skills of task prioritization, time management and customer focus.
Proven ability to manage diverse stakeholder expectations
3. Advanced level : Good working knowledge in :
The threat and vulnerability landscape including malware, emerging threats, attacks and vulnerability management
Security penetration testing and Red Team processes, technologies and industry frameworks (e.g. CREST)
Knowledge of tactics, techniques, and procedures that could be used for recon, persistence, lateral movement, and exfiltration
Application, system and network exploitation or enumeration techniques utilized today ranging from injection, privilege escalation, buffer overflows, fuzzing and scanning
Programming languages such as C / C# / C++, Java, or Assembly and one or more of the scripting languages, e.g. Perl, Python, PowerShell or shell scripting
Writing and demonstrating proof of concept work from an exploitation or attack perspective
Building and employing modules and tailored payloads for common testing frameworks or tools
Networking topologies, protocol usage, and enterprise hardware including switches, routers, firewalls and their roles in security
Access control methodologies, network / host intrusion detection, vulnerability management tools, patch management tools, penetration testing tools, and AV solutions
Infiltration of physical systems, such as social engineering and hardware authentication bypass
Hardware hacking or building custom hardware for the purpose of exploitation
Excellent oral / written communication skills for articulating thoughts clearly with stakeholders ranging from engineers to senior business management
Basic experience in cloud security and a good understanding of DevSecOps principles including Continuous Integration / Continuous Deployment practices (CI / CD)
Experience in working with cross-border teams, preferably in the Financial Services industry.
Detail-oriented, with strong deductive reasoning, critical thinking and problem-solving skills
Ability to work in a fast-paced team environment
4. Entry Level :
Broad understanding of security related regulatory requirements from MAS, HKMA, RBI, PRA and DFSNY
QUALIFICATIONS :
Bachelor’s Degree in engineering, Computer Science / Information Technology or its equivalent.
Industry certifications will be a plus, e.g. CISSP, SANS GIAC, GPEN, OSCP, CREST certifications