Job title: Penetration Testing Senior Specialist, Security Penetration Testing
Company: Standard Chartered
Job description: About Standard Chartered We’re an international bank, nimble enough to act, big enough for impact. For more than 160 years, we’ve worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a c
About Standard Chartered We’re an international bank, nimble enough to act, big enough for impact. For more than 160 years, we’ve worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you’re looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can’t wait to see the talents you can bring us. Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you’ll see how we value difference and advocate inclusion. Together we: Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing. Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with with minimum global standards for annual and public holiday, which is combined to 30 days minimum Flexible working options based around home and office locations, with flexible working patterns Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills,global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies – everyone feels respected and can realise their full potential. Recruitment assessments – some of our roles use assessments to help us understand how suitable you are for the role you’ve applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process. Role Responsibilities About nexus nexus is a white label plug-and-play banking solution powered by Standard Chartered Bank. We take pride in redefining how we bank customers globally by digitally marrying ecosystems to banks. Our Banking-as-a-Service (BaaS) solution is the gateway that enables convenient access to financial services. We believe in challenging the status quo and thinking outside the box to deliver innovative solutions. Let&rsquos shape the future of banking together. What will you be doing We are looking for a highly talented ICS professional to lead / join our ICS Security Operations team. The candidate must be comfortable with working on Information & Cyber Security (ICS) at both the abstract and detailed levels. The candidate will be someone who has a good balance of penetration testing and vulnerability management skillsets. Fluency in ICS concepts and practice, and the ICS regulatory landscape is a must. A self-starter, independent with minimal supervision and strong hand-on experiences in penetration testing for various tech stacks including cloud environment. Delivering targeted and intelligence led security penetration testing and certifying SC platform builds through a robust testing methodology and process. Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex attacks, emulating malicious actor behaviour aimed at avoiding detection. Responsible for operation of security penetration testing and internal tools, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results. Deliver continuous improvement through process re-engineering, technology transformation, integration and exploitation to deliver optimised yet robust services to mitigate threats to the Bank. Manage and influence stakeholders in understanding risk exposure and containment measures from vulnerabilities the Bank could be exposed to. The nexus family is made up of a bunch of fun, hardworking and results-oriented individuals. Most importantly, nexaurs value teamwork, and we champion a respectful, open and trusting work environment. If you are interested to be part of the team in re-wiring the DNA of banking, join us today. #YesWeCanLAH. Find out more about nexus and what we do at https://scventures.io/nexus/ About SC Ventures SC Ventures (&ldquoSCV”) was established in 2018 with the purpose of &ldquoRewiring the DNA in Banking” by bringing three distinct areas together: The eXellerator Lab, enabling innovation at large in the Bank by supporting intrapreneurs and their ideas, collaborating with fintech&rsquos through the SCV Fintech Bridge and engaging with clients and co-creation ideas. The Investment Fund (&ldquoFund”), tasked to acquire minority stakes in fintech companies (&ldquofintechs”) whose technology has been successfully validated in the Group. Venture building, with the objective of exploring new business models (&ldquoventures”), in the way it engages existing new customers and markets. There are c.65 team members (excluding individual ventures), including dedicated colleagues from the Group&rsquos support functions, based in Singapore, Hong Kong, Shanghai, Nairobi, London and San Francisco. Our Ideal Candidate Bachelor Degree in Engineering, Computer Science/Information Technology or its equivalent. Industry certifications will be a plus e.g. SANS GPEN, GWAPT, OCSP, OSWE, OSEP, CREST PT certificates. What do you need to be successful in this role Between 5 – 10 years of in-depth, hands-on working knowledge in penetration testing and vulnerability management in a global environment. Out of this a minimum of 3 years’ of professional experience as a lead penetration tester, reverse engineer, researcher or threat analyst. The threat and vulnerability landscape including malware, emerging threats, attacks and vulnerability management. Knowledge of tactics, techniques, and procedures that could be used for recon, persistence, lateral movement, and ex-filtration. Web, Mobile Applications and Operating Systems exploitation or enumeration techniques utilized today ranging from injection, privilege escalation, buffer overflows, fuzzing, scanning. Programming languages such as Objective-C, Java, SWIFT and Assembly, one/or more of the scripting languages, e.g. Perl, Python, PowerShell or shell scripting. IOS and Android reverse engineering, disassembling, decompiling and root/jailbreak detection evasion. Writing and demonstrating proof of concept work from an exploitation or attack perspective. Building and employing modules and tailored payloads for common testing frameworks or tools. Networking topologies, protocol usage, and enterprise hardware including switches, routers, firewalls and their roles in security. Access control methodologies, network / host intrusion detection, vulnerability management tools, patch management tools, penetration testing tools, and AV solutions. Hardware hacking or building custom hardware for the purpose of exploitation. Experience in cloud security, especially AWS and a good understanding of DevSecOps principles including Continuous Integration/Continuous Deployment practices (CI/CD). Experience in container and Kubernetes testing and working knowledge of security best practices. Strong communication skills -oral and written. Ability to work in a fast-paced team environment. Detailed oriented, Strong deductive reasoning, critical thinking and problem solving skills. We are also looking for A hustler who is highly adaptable and able to perform in a fast-paced dynamic environment. A team player who champions ownership and upholds a collaborative work environment. An inquisitive learner who has the appetite for continuously improving and streamlining processes and the way we work. Visit our careers website
Expected salary:
Location: Bangalore, Karnataka
Job date: Fri, 13 May 2022 22:32:09 GMT
Apply for the job now!