• Competitive
  • Singapore
  • Permanent, Full time
  • Citibank NA
  • 13 Dec 17

IS Ops Sr. Manager

IS Ops Sr. Manager

  • Primary Location: Singapore,Singapore,Singapore
  • Education: Bachelor's Degree
  • Job Function: Technology
  • Schedule: Full-time
  • Shift: Day Job
  • Employee Status: Regular
  • Travel Time: No
  • Job ID: 17050868


Description

Duties will include providing infrastructure and application vulnerability assessment and penetration testing services to Citi businesses globally through a comprehensive testing process, as well as identifying weaknesses and vulnerabilities within the system and proposing countermeasures. Typical assignments will involve testing of the overall security of critical infrastructure components and applications to ensure they comply with internal policies, security architecture best practices, and industry standards; scanning and discovering rouge hosts, networks, and devices; and scanning and discovering vulnerable systems and applications. The candidate will be expected to act as a subject matter expert in offensive information security including databases, networking, operating systems, applications, and programming.

Qualifications

      Pre-requisites for this position are at least a Bachelor's Degree with 3 - 7 years of experience on most of the following:
      - Conducting vulnerability assessments and penetration testing (application and/or infrastructure) and articulating security issues to technical and non-technical audience
      - Identifying, researching, validating, and exploiting various different known and unknown security vulnerabilities on server and client side 
      - Vulnerability Assessment tools, e.g. Nessus, Qualys, etc
      - Exploitation frameworks, e.g. Metasploit, CANVAS, Core Impact
      - Social Engineering campaigns, e.g. email phishing, phone calls, SET
      - Deep understanding of OSI model
      - Security devices, e.g. Firewalls, VPN, AAA systems
      - OS Security, e.g. Unix, Linux, Windows, Cisco, etc
      - Understanding of common protocols, e.g. LDAP, SMTP, DNS, Routing Protocols
      - Web application infrastructure, e.g. Application Servers, Web Servers, Databases
      - Web development and programming languages i.e. Python, Perl, Ruby, Java, and/or .Net
      - Reporting information security vulnerabilities to businesses
      Industry-accredited security certifications will be required (the candidate must have or be willing to obtain all of the following certifications - GIAC GXPN, GPEN, GCIH, CISSP, and CEH). Knowledge of tools and processes used to expose known and undocumented vulnerabilities in various different systems."