Senior Specialist, Security Penetration Testing
Standard Chartered
Bangalore, India, South Asia
1d ago

About Standard Chartered

We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation.

This in turn helps us to provide better support to our broad client base.

RESPONSIBILITIES :

  • Delivering targeted and intelligence led security penetration testing and certifying SC platform builds through a robust testing methodology and process
  • Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex attacks, emulating malicious actor behaviour aimed at avoiding detection.
  • Responsible for operation of security penetration testing and internal tools, researching and analysing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
  • Maintain and evolve a mature set of security penetration testing and internal Red Team processes covering all areas of technology.
  • Scheduling / planning regulatory and nonregulatory related penetration testing activities
  • Deliver continuous improvement through process re-engineering, technology transformation, integration and exploitation to deliver optimised yet robust services to mitigate threats to the Bank
  • Manage and influence stakeholders in understanding risk exposure and containment measures from vulnerabilities the Bank could be exposed to.
  • ROLE SPECIFIC TECHNICAL COMPETENCIES : 1. Expert level :

  • Between 8 - 10 years of in-depth, hands-on working knowledge in security penetration testing, vulnerability management, technologies and Operational experience in a global environment.
  • Out of this a minimum of 3 years of professional experience as a lead penetration tester, reverse engineer, researcher or threat analyst / IR team member

    2. Core Level :

  • Fundamental skills of Task prioritization, Time management, Customer focus.
  • Proven ability to manage diverse stakeholder expectations
  • 3. Advanced level : Good working knowledge in :

  • The threat and vulnerability landscape including malware, emerging threats, attacks and vulnerability management
  • Security penetration testing and Red Team processes, technologies and industry frameworks (eg CREST)
  • Knowledge of tactics, techniques, and procedures that could be used for recon, persistence, lateral movement, and ex-filtration
  • Application, system and network exploitation or enumeration techniques utilized today ranging from injection, privilege escalation, buffer overflows, fuzzing, scanning
  • Programming languages such as C / C# / C++, Java, or Assembly and one / or more of the scripting languages, e.g. Perl, Python, PowerShell or shell scripting
  • Application, system and network exploitation or enumeration techniques utilized today ranging from injection, privilege escalation, buffer overflows, fuzzing and scanning
  • Writing and demonstrating proof of concept work from an exploitation or attack perspective
  • Building and employing modules and tailored payloads for common testing frameworks or tools
  • Networking topologies, protocol usage, and enterprise hardware including switches, routers, firewalls and their roles in security
  • Access control methodologies, network / host intrusion detection, vulnerability management tools, patch management tools, penetration testing tools, and AV solutions
  • Infiltration of physical systems such as social engineering, and hardware authentication bypass
  • Hardware hacking or building custom hardware for the purpose of exploitation
  • Excellent oral / written communication skills for articulating thoughts clearly with stakeholders ranging from engineers to senior business management
  • Basic experience in cloud security and a good understanding of DevSecOps principles including Continuous Integration / Continuous Deployment practices (CI / CD)
  • Experience in working with cross-border teams, preferably in the Financial Services industry.
  • Detailed oriented, Strong deductive reasoning, critical thinking and problem-solving skills
  • Ability to work in a fast-paced team environment
  • 4. Entry Level :

  • Broad understanding of security related regulatory requirements from MAS, HKMA, RBI, PRA and DFSNY
  • QUALIFICATIONS :

  • Bachelor’s Degree in engineering, Computer Science / Information Technology or its equivalent.
  • Industry certifications will be a plus e.g. CISSP, SANS GIAC, GPEN, OCSP, CREST certifications
  • Report this job
    checkmark

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Apply
    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Continue
    Application form