Penetration Testing Lead
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
Our Ideal Candidate
- Working together with service Head's on improving capability maturity of Penetration Testing services
- Leading a team of penetration testers working with customers across ~70 countries,
- Provide thought leadership, research and report on current SC exposure to vulnerabilities and emerging threats and vulnerabilities through periodic management briefings and bulletins and working closely with relevant teams to implement short-gap remediation activities and compensating controls to reduce risk while identified vulnerabilities are being addressed.
- Manage and influence stakeholders in understanding risk exposure and containment measures from vulnerabilities the Bank could be exposed to.
- Maintain and evolve a mature set of security penetration testing and internal Cyber Attack Simulation processes covering all areas of technology.
- Responsible for operation of security penetration testing and internal Cyber Attack Simulation tools, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
- Planning and delivering targeted and intelligence lead scenario based security penetration and internal. Cyber Attack Simulation testing and certifying SC platform builds through a robust testing methodology and process.
- Deliver continuous improvement through process re-engineering, technology transformation, integration and exploitation to deliver optimised yet robust services to mitigate threats to the Bank.
- Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex attacks, emulating malicious actor behavior aimed at avoiding detection.
- Bachelor Degree in Engineering, Computer Science/Information Technology or its equivalent.
- Industry certifications will be a plus e.g. CISSP, SANS GIAC, GPEN, OCSP, CREST certifications
- Between 8 - 10 years of in-depth, hands -on working knowledge in security penetration testing, vulnerability management , technologies and Operational experience in a global environment. Out of this a minimum of 3 years' of professional experience as a lead penetration tester, reverse engineer, researcher or threat analyst / IR team member
- Basic experience in cloud security and a good understanding of DevSecOps principles including Continuous Integration/Continuous Deployment practices (CI/CD)
- Good working knowledge in:
- The threat and vulnerability landscape including malware, emerging threats, attacks and vulnerability management
- Security penetration testing and Red Team processes, technologies and industry frameworks (eg CREST)
- Knowledge of tactics, techniques, and procedures that could be used for recon, persistence, lateral movement, and ex-filtration
- Application, system and network exploitation or enumeration techniques utilized today ranging from injection, privilege escalation, buffer overflows, fuzzing, scanning
- Programming languages such as C /C# / C++, Java, or Assembly and one/or more of the scripting languages, e.g. Perl, Python, PowerShell or shell scripting
- Application, system and network exploitation or enumeration techniques utilized today ranging from injection, privilege escalation, buffer overflows, fuzzing and scanning
- Writing and demonstrating proof of concept work from an exploitation or attack perspective
- Building and employing modules and tailored payloads for common testing frameworks or tools
- Networking topologies, protocol usage, and enterprise hardware including switches, routers, firewalls and their roles in security
- Access control methodologies, network / host intrusion detection, vulnerability management tools, patch management tools, penetration testing tools, and AV solutions
- Infiltration of physical systems such as social engineering, and hardware authentication bypass
- Hardware hacking or building custom hardware for the purpose of exploitation
- Experience in working with cross-border teams, preferably in the Financial Services industry.
- Broad understanding of security related regulatory requirements from MAS, HKMA, RBI, PRA and DFSNY
- Fundamental skills of Task prioritization, Time management, Customer focus.
- Detailed oriented, Strong deductive reasoning, critical thinking and problem solving skills
- Ability to work in a fast-paced team environment
- Proven ability to manage diverse stakeholder expectations
- Excellent oral/written communication skills for articulating thoughts clearly with stakeholders ranging from engineers to senior business management
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our career pages .