IT SECURITY & GOVERNANCE ANALYST
(RED TEAM)

 

A professional at this position level must have the following responsibilities :-

  • Must be able to handle the most dynamic and challenging scenarios encountered by the red team program and assist other analysts by providing direction and guidance when needed.
  • Responsible to identify and exploit vulnerabilities in a wide array of systems in variety situations.
  • Responsible to set up scheduled and ad-hoc red team scenarios to highlight gaps impacting client security posture.
  • Ability to work both independently, as well as a team of technical testers on penetration testing and red team engagements.
  • Perform in-depth analysis of red team engagement results and provide a validated/verified detailed report that describes findings, exploitation procedures, risks and recommendations.
  • Execute penetration test and red team projects using, but not limited to, established methodology, tools and rules of engagement.
  • In-depth research of the latest adversarial TTPs and technologies to remain at the bleeding edge.
  • Plan and conduct attacks on internally or externally systems/infrastructure with an emphasis on critical functions targeted by adversaries. Ability to emulate adversarial TTPs (Tools, Tactics and Procedures).

Basic Qualifications

  • Minimum of 5 years working experience in Red Team/Penetration Testing.
  • Professional level understanding and experience of intrusion analysis.
  • Strong experience/knowledge in at least 3 of the followings:
    • Web attacks (Injection/XSS/Validation etc)
    • Database (Oracle, MSSQL, MySQL etc)
    • Network (protocols, network traffic analysis –wired/wireless/LTE etc.)
    • Proficient in Operating Systems (Unix/Linux, Windows, embedded systems etc)
    • Application analysis (fuzzing, reverse engineering, dissamblers etc)
    • Cryptographic analysis
    • Application development (coding/scripting, code analysis)

Advantages

  • Strong problem solving and analytical skill
  • Ability to identify both tactical and strategic solutions.
  • SANS or other similaraccreditations with relation to red team/penetration testing.

CONTACT

 

To discuss your permanent or contractor recruitment needs please contact us or email: recruitment@qaafresoures.com.my