Security Engineer

Security Engineer/Consultant

1. Responsibilities
   

• Support various Cyber Security workstreams on Penetration Testing, Vulnerability Assessments, Secure Code Reviews, Red Teaming and Security Risk Assessments.
  
• Managing selected vendors for the assigned workstreams.
  
• Drive the scheduling of the workstream programme and remediation timelines.
  
• Maintain, troubleshoot, patch and update various security tools and scanners used in the workstream.
  
• Recommend the re-engineering and streaming of processes to improve workflows and efficiencies.
  
• Present management reporting and dashboarding to stakeholders, with analysis of data and trends, and recommend next steps.
  
• Follow up on remediation actions, security and risk assessments with respective stakeholders and applications teams.
  

1. What we are looking for
   

• Knowledge of the principles and objectives of the various Cyber Security testing workstreams.
  
• Technical knowledge of security vulnerabilities, validation of remediations and risk assessments.
  
• Professional certifications such OSCP, CISSP, etc. preferred.
  
• Familiar in at least one of the following – Penetration Testing, Vulnerability Assessments, Secure Code Review, DevSecOps, cyber exercises, awareness programmes.
  
• Technical knowledge in conducting Penetration Testing for enterprise applications and infrastructure.
  
• Hands on experience in operating and maintaining enterprise security tools such as Tenable Nessus vulnerability scanner.
  
• Familiarity with scripting for automating tasks using Python.
  
• Familiarity with security testing on API, container and cloud environments is advantageous.