Duties and Responsibilities
- Perform vulnerability assessments, penetration testing and red teaming on a wide range of technologies including but not limited to Network, Web, Mobile, Thick Client Applications, Cloud, Kubernetes, and Operations Technology.
- Develop internal VAPT and red team capabilities through scripting, automation, and hands-on research into the latest exploitation tactics, techniques, and procedures (TTPs) of various threat actors.
- Lead and mentor a team of consultants on effective technical communication of vulnerabilities and remediation recommendations to clients.
- Organize and participate in Capture-The-Flag (CTF) events both internally and externally.
Requirements
- Familiarity with cyber security principles (e.g. networking, web development, vulnerability classes) and industry best practices (e.g. OWASP Top 10, MITRE ATT&CK Framework)
- Experienced in consulting, including internal and client facing experiences
- Ability to independently lead a project and communicate with clients
- Familiar with programming/scripting languages such as .NET, Python, Bash and PowerShell, etc.
- Possess relevant cybersecurity certifications or accredited experience from CTF and Bug Bounties
- Ability to travel overseas when required
Preferred Qualifications/Skills
- At least 5 years of consulting experience
- Proficient with security testing tools such as Nessus, Burp Suite, Frida, dex2jar, etc.
- Offensive Cyber Security Certifications (e.g. OSCP, CRT preferred)
- Mobile Application Development / Security Testing
- Red Teaming Tools such as Cobalt Strike, GoPhish, Sliver, Brute Ratel, etc.
- Source Code Review using automated scanners such as Checkmarx
- Reverse Engineering / Malware Development
- Static and Dynamic Analysis
- Experience in various security testing environments such as with the use of jumphosts, VPN, testing over GCC AWS/Azure, onsite/remote environments, etc.
- A self-motivated learner who is keen to develop and lead a team to be able to deliver professional services and grow local capabilities