Security Analyst in Penetration Testing

• Test and implement security systems including hardware software and integrationrelated components.
  
• Maintain uptodate knowledge of the IT security industry including awareness of new or revised security solutions security standards trends / best practices offensive techniques and tools
  
• Conduct security assessment including penetration test vulnerability assessment on network application and information system to identify vulnerabilities and recommend corrective action.
  
• Perform periodic network web application mobile application physical security reviews social engineering tests and other related cyber security practices.
  
• Provide detailed remediation guidance for findings
  
• Assist with the coordination and performance of all thirdparty penetration testing projects regulatory examinations and other audits of information systems.
  
• Perform review and validation procedures for all findings noted by thirdparty testers related to network and web application security.
  
• Author quality penetration test reports with professional documentation of identified and exploited vulnerabilities/weaknesses
  
• Conduct detailed analysis of systems where breaches of critical IT infrastructure may have occurred and provide root cause analysis impact assessments and rapid response to aid detection of those responsible and make recommendations to assist prevention of similar incidents.
  
• Assist Infrastructure and Application Teams with prioritization of patches and security fixes following the vulnerability assessment.
  
• Responsible for organizing and systematically completing supporting documentation to support the work performed.
  

Requirements

• Bachelors degree preferably in computer science or information systems or equivalent work experience
  
• Three years direct Information Security experience or a similar role
  
• Minimum of two years professional experience in penetration testing
  
• Technical knowledge across a broad range of computing platforms and network protocols
  
• High proficiency in a variety of operating systems such as Unix/Linux/Mac/Windows operating systems
  
• Knowhow in manual techniques for penetration testing (network equipment servers web applications APIs wireless mobile databases and other information systems)
  
• Professional experience testing web applications for common web application security vulnerabilities as defined by OWASP including input validation vulnerabilities broken access controls session management vulnerabilities crosssite scripting issues SQL injection and web server configuration issues
  
• Tools Proxies Port Scanners Vulnerability Scanners Exploit Frameworks (ex: Burp Nessus Nmap Kali Linux)
  
• Strong oral and written communication skills including a demonstrated ability to prepare quality documentation and presentations for technical and nontechnical audiences
  
• Candidates with any professional certification that covers Vulnerability Assessment & Penetration Testing will have an added advantage.
  
• Familiar with standards and requirements such as ISO27001 NIST PCIDSS and that of financial authorities (e.g. GPIS/RMiT) will be an added advantage.
  
• Applicants must be willing to work in Bandar Sunway.