Security Red Team Expert ( Banking / Finance / Securities )
UPA Vietnam
Địa điểm làm việc: Hồ Chí Minh
Hết hạn: 10/11/2024
- Chi tiết công việc
- Giới thiệu công ty
Thu nhập: Thỏa thuận
Loại hình: Toàn thời gian
Chức vụ: Nhân viên
Kinh nghiệm: 5 năm
Mô tả công việc
We are looking for an experienced Security Red Team Expert for the IT Security Department, with solid and comprehensive experience in threat hunting, vulnerability assessments, and penetration testing in the banking, securities, and trading sectors. The successful candidate would work in HCMC.
Roles and Responsibilities:
● Lead threat hunting and compromise assessments to proactively identify vulnerabilities across banking, securities, and trading systems.
● Simulate real-world attacks, both internal and external, to detect and exploit weaknesses in cloud infrastructure, on-premise systems, and application layers.
● Perform thorough investigations of security breaches, leveraging advanced cloud security forensics, ensuring timely incident detection, response, and resolution.
● Collaborate with internal teams on incidents, ensuring adherence to regulatory standards like PCI DSS, ISO 27001, and NIST CSF.
● Lead incident response planning, focusing on continuously improving detection and response capabilities for both cloud-based (AWS, GCP) and on-prem environments.
● Provide specialized security training to technical teams, fostering a proactive security culture across the organization.
● Direct red team exercises, supporting advanced penetration testing and vulnerability assessments, simulating adversarial attacks to improve overall security posture.
● Ensure the cloud and on-prem infrastructure align with the highest security standards, conducting rigorous assessments and validations of security configurations.
● Participate in architecture reviews to integrate secure-by-design principles, including microservices, container security, and infrastructure security.
● Provide hardening and secure deployment guidance for cloud services from providers like AWS and Google GCP, applying cutting-edge cloud security techniques.
● Support developing, monitoring, and continuously improving security policies, procedures, and standards, ensuring alignment with industry best practices and evolving threat landscapes.
● Work closely with Application Security teams to integrate security testing into CI/CD pipelines and automate threat detection processes.
● Collaborate with tech development and security operations teams to ensure effective incident response and secure implementation of new projects.
Roles and Responsibilities:
● Lead threat hunting and compromise assessments to proactively identify vulnerabilities across banking, securities, and trading systems.
● Simulate real-world attacks, both internal and external, to detect and exploit weaknesses in cloud infrastructure, on-premise systems, and application layers.
● Perform thorough investigations of security breaches, leveraging advanced cloud security forensics, ensuring timely incident detection, response, and resolution.
● Collaborate with internal teams on incidents, ensuring adherence to regulatory standards like PCI DSS, ISO 27001, and NIST CSF.
● Lead incident response planning, focusing on continuously improving detection and response capabilities for both cloud-based (AWS, GCP) and on-prem environments.
● Provide specialized security training to technical teams, fostering a proactive security culture across the organization.
● Direct red team exercises, supporting advanced penetration testing and vulnerability assessments, simulating adversarial attacks to improve overall security posture.
● Ensure the cloud and on-prem infrastructure align with the highest security standards, conducting rigorous assessments and validations of security configurations.
● Participate in architecture reviews to integrate secure-by-design principles, including microservices, container security, and infrastructure security.
● Provide hardening and secure deployment guidance for cloud services from providers like AWS and Google GCP, applying cutting-edge cloud security techniques.
● Support developing, monitoring, and continuously improving security policies, procedures, and standards, ensuring alignment with industry best practices and evolving threat landscapes.
● Work closely with Application Security teams to integrate security testing into CI/CD pipelines and automate threat detection processes.
● Collaborate with tech development and security operations teams to ensure effective incident response and secure implementation of new projects.
Yêu cầu
● Bachelor's degree in computer science, engineering, or a related field.
● 5+ years of experience in security roles, specializing in red teaming, threat hunting, or compromise assessments.
● Extensive experience with cloud security forensics, penetration testing, and incident investigation.
● Good knowledge of industry security standards (NIST CSF 2.0, PCI DSS 4.0, ISO 27001:2022) and their application in financial services.
● Proficiency in tools used for vulnerability scanning, network penetration testing, and cloud forensics (AWS, GCP, Azure environments).
● Hands-on experience performing offensive security engagements, including social engineering, red teaming, and vulnerability exploitation.
● Advanced English skills in oral and written forms, with the ability to communicate complex security concepts to technical and non-technical stakeholders.
● Ability to travel when required to support regional business needs.
● 5+ years of experience in security roles, specializing in red teaming, threat hunting, or compromise assessments.
● Extensive experience with cloud security forensics, penetration testing, and incident investigation.
● Good knowledge of industry security standards (NIST CSF 2.0, PCI DSS 4.0, ISO 27001:2022) and their application in financial services.
● Proficiency in tools used for vulnerability scanning, network penetration testing, and cloud forensics (AWS, GCP, Azure environments).
● Hands-on experience performing offensive security engagements, including social engineering, red teaming, and vulnerability exploitation.
● Advanced English skills in oral and written forms, with the ability to communicate complex security concepts to technical and non-technical stakeholders.
● Ability to travel when required to support regional business needs.
Quyền lợi
Thưởng
Yearly performance bonus
Đào tạo
Working in a fast-paced growth business with updated trends in Technology
Máy tính xách tay
Laptop Provided
Yearly performance bonus
Đào tạo
Working in a fast-paced growth business with updated trends in Technology
Máy tính xách tay
Laptop Provided
Thông tin khác
NGÀY ĐĂNG
11/10/2024
CẤP BẬC
Nhân viên
NGÀNH NGHỀ
Công Nghệ Thông Tin/Viễn Thông > Bảo Mật Công Nghệ Thông Tin
KỸ NĂNG
Red Teaming, Security, AWS, Microservice, English
LĨNH VỰC
Ngân hàng
NGÔN NGỮ TRÌNH BÀY HỒ SƠ
Tiếng Anh
SỐ NĂM KINH NGHIỆM TỐI THIỂU
6
QUỐC TỊCH
Không hiển thị
Xem thêm
11/10/2024
CẤP BẬC
Nhân viên
NGÀNH NGHỀ
Công Nghệ Thông Tin/Viễn Thông > Bảo Mật Công Nghệ Thông Tin
KỸ NĂNG
Red Teaming, Security, AWS, Microservice, English
LĨNH VỰC
Ngân hàng
NGÔN NGỮ TRÌNH BÀY HỒ SƠ
Tiếng Anh
SỐ NĂM KINH NGHIỆM TỐI THIỂU
6
QUỐC TỊCH
Không hiển thị
Xem thêm
Thông tin chung
- Thu nhập: Thỏa thuận
Cách thức ứng tuyển
Ứng viên nộp hồ sơ trực tuyến bằng cách bấm nút Ứng tuyển bên dưới:
Hạn nộp: 10/11/2024
Việc làm tương tự
Công ty Cổ phần Viễn thông FPT - FPT Telecom
thỏa thuận
12/12/2024
Hồ Chí Minh
Công ty Cổ phần Viễn thông FPT - FPT Telecom
10 triệu - 11 triệu
25/11/2024
Hồ Chí Minh
CÔNG TY TNHH PWC (VIỆT NAM) - Tập Đoàn Kiểm Toán Đa Quốc Gia PwC
Thỏa thuận
27/11/2024
Hồ Chí Minh
Công Ty TNHH Money Forward Việt Nam
Thỏa thuận
16/12/2024
Hồ Chí Minh
CÔNG TY TNHH VSL VIỆT NAM
Thoả thuận
13/11/2024
Hồ Chí Minh
hỗ trợ doanh nghiệp
Giải thưởng
của chúng tôi
Top 3
Nền tảng số tiêu biểu của Bộ
TT&TT 2022.
Top 15
Startup Việt xuất sắc 2019 do VNExpress tổ chức.
Top 10
Doanh nghiệp khởi nghiệp sáng tạo Việt Nam - Hội đồng tư vấn kinh doanh ASEAN bình chọn.
Giải Đồng
Sản phẩm công nghệ số Make In Viet Nam 2023.