Ho Chi Minh City, Ho Chi Minh City, Vietnam

Consultant, Offensive Security

 Job Description:

Duration: 01 year 

Onsite Bank HCM 

  • At least 3 years as a penetration tester; experience working with large corporations;
  • Training on self-development platforms (e.g. HackTheBox, PentesterLab, WeChall, etc.);
  • Participation in Bug Bounty programs;
  • Undergraduate degree (minimum) in a technical field (Computer Science, Software Engineering, Cyber Security);

Responsibilities:

  • Work with project stakeholders to identify assets and define test scopes evaluating the breadth and depth on which testing should take place based on varying factors;
  • Execute penetration tests, either in a team or individually, to identify vulnerabilities and weaknesses that could impact bank systems;
      o Including testing of web applications, mobile applications, web APIs, infrastructure, cloud technologies, and hardware.
  • Triage vulnerabilities and justify risk in alignment with common vulnerability scoring systems, considering the environment and context;
  • Report testing results to key project stakeholders in varying formats (i.e. traditional report, bug tickets), including verbal communication;
  • Be involved with internal projects and initiatives to uplift team capabilities;
  • Provide QA reviews for testing scopes and reports from your peers to ensure high quality and accuracy of testing;
  • Work with larger technical programs across the bank to understand and construct testing requirements;
  • Where required, work as an embedded penetration tester on large programs;
  • Assist with other offensive security activities within the team (e.g. red team activity);
  • Self-manage security testing projects from end-to-end;
  • Participate in run-the-business activities, such as maintenance and uplift of the penetration testing environment.

This role does not have direct reports.

Deliver offensive security testing services seamlessly and comprehensively to delivery teams, driving consistent outcomes and furthering security awareness within development teams.

Drive culture shift throughout the organisation (PU level), making security part of everyone's day-to-day activities.


Core Skills & Capabilities required: 
The must-have hard (technical) skills and capabilities required:

1. A comprehensive understanding of Penetration Testing frameworks and methodologies (OWASP, OSSTMM, WAHH);
2. Methodical, analytical approach with outstanding attention to detail. The ability to construct and execute testing within a controlled environment that complies with methodologies, policies, and best practice;
3. A clear understanding of both manual and automated penetration testing techniques, including knowledge of common penetration testing tools and the impacts they have on systems;
4. A good understanding of risk mitigation strategies when working in a highly sensitive environment;
5. Proven ability to work both individually and within a team environment (at times with little guidance), build strong relationships and maintain rapport with internal stakeholders and 3rd party service providers;
6. Strong team working skills are essential;
7. Excellent verbal and written communication skills;
8. Ability to attend to the detail on multiple concurrent tasks while meeting various deadlines;
9. Ability to work semi-autonomously and organise/prioritise own work schedule on a short term basis;
10. Proven ability to develop scripts and tools to enhance manual processes and existing tooling.




  Required Skills:

Security