Qureos


Assistant Manager Offensive Security

Job Description:

Conduct Vulnerability Assessment and Penetration Testing (VA & PT) on APIs and Mobile Applications using the OWASP Framework, as per the annual VAPT plan designed by the App Sec team

Prepare project deliverables / PT reports and ensure submission to the Line Manager for review

Utilize Black and Gray box testing approaches to conduct pentesting activities comprehensively, ensuring maximum coverage and assessing the security posture of our web application

Consult the IT dev team regarding vulnerabilities and ensure proper follow-up with the IT team so that reported PT vulnerabilities are addressed in a timely manner

Conduct Penetration Testing of all network assets, including servers, DBs, etc.

Prepare and execute the plan for the PT of ATM

Ensure compliance with SBP regulations and guidelines, including those for customer digital onboarding and mobile application security and any others issued by the regulator from time to time.

Collaborate with the Manager to develop and manage training content and materials.

Prepare and update the IS tool Manual

Conduct comprehensive risk assessments on identified vulnerabilities in VAPT to evaluate their potential impact and likelihood, providing a clear understanding of the associated risks

Map identified vulnerabilities to OWASP standards, ensuring alignment with industry best practices and enhancing the accuracy and relevance of security assessments

Conduct research on external threats and vulnerabilities to inform and improve security strategies.

Perform external threat-related activities to evaluate security controls

Collaborate with the Manager to design and review comprehensive checklists for Mobile Application Security Testing and Web Application Security Testing

Prepare and maintain App Sec Tracker(s) assigned by the Line Manager

Perform other duties as may be required or assigned by the Line Manager or senior management

Excellent organizational and time management skills


Job Specifications:

1 to 3+ years of experience in Information/Cyber Security

BS/MS degree in Computer Sciences, Information Security or Cybersecurity

CEH/OSCP/ECPPT/OSWE certificate is an exceptional advantage


Knowledge/Skills:

Expert in ethical hacking, which aims to expose weak points and identify potential threats so that the organization can protect itself from malicious hackers. This includes penetration testing, during which an analyst tests networks, systems, web-based applications, and other systems to detect exploitable vulnerabilities.

Experience in understanding information system vulnerabilities and exploit techniques

Thorough knowledge of OWASP Top Ten attacks for web and mobile and their remediation.
