Senior Penetration Tester - Virtual Banking
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
As one of the biggest banks in the market, we are rapidly expanding by growing a new virtual banking business in Hong Kong. We see ourselves as a fast-growing start-up company where you will enjoy autonomy and teamwork at the same time, solving new and exciting problems in a nimble and agile way. Join us and be part of making history for the future banking experience!
The Role Responsibilities
We are looking for a Senior Penetration Tester to provide senior Cyber Security expertise to effectively and efficiently ensure the ongoing confidentiality, integrity and availability of systems and information. The person will focus on penetration testing, application and code security, vulnerability assessments, and security incident management. Strong hands-on experience with security testing, networking and monitoring tools, such as Burp Suite, OWASP ZAP, Nmap, Metasploit, Wireshark and SIEM, is highly preferable.
Our Ideal Candidate
- Lead and perform hands-on penetration testing of web applications, APIs, infrastructure, mobile (iOS/Android), and network in order to assess and validate the security posture
- Perform vulnerability scans and assessments
- Conduct security code reviews and make recommendations to developers
- Drive security awareness of secure coding practices and techniques
- Write high quality security reports on identified security vulnerabilities, including recommendations to remediate, and delivery of report to stakeholders
- Work collaboratively with key development and operations stakeholders in order to establish and deliver a secure CI/CD pipeline
- Support incident management response and investigation activities such as triage, threat analysis, end-user interviews, and remediation efforts
- Provide subject matter expertise, security consulting, and advisory services to business entities and project teams
- Excellent time management and ability to work on multiple projects as needed
- Manage key security assurance suppliers as required
- Conduct offensive research to evaluate emerging cyber security threats and trends
- Maintain up-to-date knowledge of the latest attacks, vulnerabilities, mitigation strategies, industry best practices and regulations
- Build strong working relationships across the business and technology teams
- Coach and mentor junior team members
- Solid experience in IT security related positions with a key focus on penetration testing, application and code security, vulnerability assessments, and security incident management
- Passion for offensive security and assurance
- Strong risk mindset and knowledge of risk management guidelines and frameworks
- Deep understanding of penetration testing methodologies, vulnerability identification, and software security principles
- Being able to translate complex technical scenarios, cyber security specific threats, and related mitigating controls into a language that stakeholders at all levels can understand
- Hands-on threat, vulnerability, patching, and remediation management experience
- Additional experience working within a CIRT / SOC, or similar capacity
- Strong hands-on experience with security testing, networking, and monitoring tools such as Burp Suite, OWASP ZAP, Nmap, Metasploit, Wireshark, and SIEM
- Ability to act calmly and competently in high-pressure, high-stress situations. Must be a critical thinker, with strong problem-solving skills and analytical skills
- The ability to manage multiple projects under strict timelines
- Development and automation experience in one or more programming languages is highly desired
- Experience working in a cloud environment is highly desired
- Ability to contribute in a team environment
- Strong English communication skills
- One or more industry-recognised certifications in penetration testing (OSCP, OSWE, OSCE, CREST CCT / CRT, SANS, etc.)
- Bachelor's/Master's level qualifications in Management, Engineering, Law, Computer Science, IT, Business or Commerce are desirable
- Participation in relevant Cyber Security industry forums is desirable.
Apply now to join the Bank for those with big career ambitions.