Penetration tester

Client dedicated venture company was established in 2018 with the purpose of “Rewiring the DNA in Banking” by bringing three distinct areas together:

Venture building, with the objective of exploring new business models (“ventures”), in the way it engages existing new customers and markets.

There are c.65 team members (excluding individual ventures), including dedicated colleagues from the Group’s support functions, based in Singapore, Hong Kong, Shanghai, Nairobi, London and San Francisco

This is a white label plug-and-play banking solution powered by Leading Global Bank. We take pride in redefining how we bank customers globally by digitally marrying ecosystems to banks. Our Banking-as-a-Service (BaaS) solution is the gateway that enables convenient access to financial services. We believe in challenging the status quo and thinking outside the box to deliver innovative solutions. Let’s shape the future of banking together.

We are looking for a highly talented ICS professional to lead / join our ICS Security Operations team. The candidate must be comfortable with working on Information & Cyber Security (ICS) at both the abstract and detailed levels. The candidate will be someone who has a good balance of penetration testing and vulnerability management skillsets. Fluency in ICS concepts and practice, and the ICS regulatory landscape is a must.

A self-starter, independent with minimal supervision and strong hand-on experiences in penetration testing for various tech stacks including cloud environment.

• Delivering targeted and intelligence led security penetration testing and certifying SC platform builds through a robust testing methodology and process.
• Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex attacks, emulating malicious actor behaviour aimed at avoiding detection.
• Responsible for operation of security penetration testing and internal tools, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
• Deliver continuous improvement through process re-engineering, technology transformation, integration and exploitation to deliver optimised yet robust services to mitigate threats to the Bank.
• Manage and influence stakeholders in understanding risk exposure and containment measures from vulnerabilities the Bank could be exposed to.

• Between 5 - 10 years of in-depth, hands-on working knowledge in penetration testing and vulnerability management in a global environment. Out of this a minimum of 3 years’ of professional experience as a lead penetration tester, reverse engineer, researcher or threat analyst.
• The threat and vulnerability landscape including malware, emerging threats, attacks and vulnerability management
• Knowledge of tactics, techniques, and procedures that could be used for recon, persistence, lateral movement, and ex-filtration
• Web, Mobile Applications and Operating Systems exploitation or enumeration techniques utilized today ranging from injection, privilege escalation, buffer overflows, fuzzing, scanning
• Programming languages such as Objective-C, Java, SWIFT and Assembly, one/or more of the scripting languages, e.g. Perl, Python, PowerShell or shell scripting
• IOS and Android reverse engineering, disassembling, decompiling and root/jailbreak detection evasion
• Writing and demonstrating proof of concept work from an exploitation or attack perspective
• Building and employing modules and tailored payloads for common testing frameworks or tools
• Networking topologies, protocol usage, and enterprise hardware including switches, routers, firewalls and their roles in security
• Access control methodologies, network / host intrusion detection, vulnerability management tools, patch management tools, penetration testing tools, and AV solutions
• Hardware hacking or building custom hardware for the purpose of exploitation.
• Experience in cloud security, especially AWS and a good understanding of DevSecOps principles including Continuous Integration/Continuous Deployment practices (CI/CD).
• Experience in container and Kubernetes testing and working knowledge of security best practices.
• Strong communication skills -oral and written.
• Ability to work in a fast-paced team environment.
• Detailed oriented, Strong deductive reasoning, critical thinking and problem solving skills.

• A hustler who is highly adaptable and able to perform in a fast-paced dynamic environment.
• A team player who champions ownership and upholds a collaborative work environment.
• An inquisitive learner who has the appetite for continuously improving and streamlining processes and the way we work.

• Competitive salary
• Luxoft Training Center
• Access to e-learning Library
• Individual development plans
• Long-term cooperation with possibility to gain experience in different projects and technologies
• A significant number of professional communities (Agile Community, Tech Community, Business Analysis Community, etc.)

• Group Life Insurance
• Private healthcare insurance – LuxMed. Unlimited access to specialist consultations with Dental Care included
• Medical costs reimbursement for employees (up to certain amount per quarter)
• Travel Insurance
• Benefit Program - Cafeteria and Multisport Card

• Various communities (sport, recreation activities, trips, board games, cultural and educational activities)
• Discounts program for employees – BeLux (banking offer, car leasing offer and cafeteria program discount)
• Convenient locations in a modern offices with game rooms
• Multinational projects for clients all over the world