Title: Cyber Security Engineer (RED Team)
Company Name: উপায় (UCB Fintech Company Limited)
Vacancy: Not specific
Job Location: Dhaka
Employment Status: Full-time
∎ Bachelor of Science (BSc) in Computer Science & Engineering
∎ Certification (Preferred)
∎ CEH / ECSA / OSCP
∎ CompTIA Security+
∎ Certified Penetration Tester
∎ Preferred Professional Certification: CEH,ECSA,OSCP
∎ 3 to 4 year(s)
∎ Conduct cyber-attack simulations as part of the RED team activity.
∎ Initial reconnaissance open-source intelligence (OSINT) for collecting information on the target.
∎ Conduct Vulnerability Assessment and Penetration Testing on network & security devices, web applications, mobile applications, IT systems and hardware.
∎ Conduct Vulnerability Assessment and Penetration Testing on Android & iOS mobile applications.
∎ Conduct social engineering, phishing, intercepting communication software
∎ Conduct IT forensic reviews and ethical hacking as per requirements.
∎ Conduct configuration reviews for OS, DB, Firewall, Routers, Switches and other security devices/components in lieu of standards.
∎ Perform manual testing of web applications.
∎ Conduct source-code review using automated and manual approaches.
∎ Developing, modifying or expanding custom exploits.
∎ Ensure timely delivery of status updates and reports.
∎ Keep updated on the latest IT Security news, exploits, hacks.
∎ Prepare Threat Intelligence reports for newly discovered threat agents, exploits, attacks.
∎ Experience in Bank, FinTech, Financial, Large corporate, Enterprise is preferred.
∎ Computer Networking Concepts – Understanding of TCP/IP and transmission-related security, common networking ports and protocols, OSI model
∎ Security Testing on connected network
∎ Methods - Vulnerability scanning & assessments, Penetration testing etc.
∎ Functions - Contribution to threat modeling, test scenario design & execution, industry-standard issue-reporting, collaboration with development teams to support fulfilment of security obligations etc.
∎ Tools - Experience in security assessment tools
∎ Automation - Experience in Automating Security tests using scripting languages (e.g. Python, Perl, Ruby)
∎ Standards - Experience working with NIST, OWASP, MITRE CWE, MITRE ATT&CK etc.
∎ Experience in conducting Web application VAPT – DAST and API. Strong Knowledge on OWASP framework and methodologies
∎ Understanding of Web Services technologies such as XML, SOAP, REST and SAML
∎ Exposure in SQL Injection, XSS, CSRF, bug bounty - would be a big plus.
∎ Hands-on Security Testing on Mobile Applications are added advantage
∎ Understanding of MITRE ATT&CK Framework
∎ Understanding of cybersecurity tool’s and the market leader’s products
∎ Ability to understand business concepts and integrate business risk elements into security operations.
∎ Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology developers and support teams.
Job Source: Bdjobs.com Online Job Posting.
Application Deadline: 21 Sep 2021
∎ 7 Sep 2021
∎ উপায় (UCB Fintech Company Limited)
∎ Address : UCB HQ (Plot - CWS- (A)-1, Road No - 34, Gulshan Ave, Dhaka 1212)
∎ Business : Mobile Financial Services