In this role, you will be responsible for developing and implementing logical and scalable REST based web API using the micro-services architecture. You should have strong understanding of the micro services principles and choice of correct strategy to build up services for the next decade. You will be keeping the security as one of the key acceptance criteria of your deliverables. You will also be responsible for profiling and improving performance and documenting the codebase. You should be able to foresee the potential issues coming in future due to load and performance and make account for that in your technical design.
The resources would work on multiple initiatives on the bank during the security testing phase and get the pentation test activity completed before the initiatives goes live. Penetration test would include conducting authorized attempts to penetrate computer systems or networks using realistic threat techniques, to evaluate their security and detect potential vulnerabilities. Mainly Identifies, penetration , document and communication cybersecurity logical and technical gaps and propose recommendation that is aligned with the bank environment .
- Conduct or support authorized penetration testing of infrastructure and related information assets;
- Gather information about network topography and usage through technical analysis and open source research and document findings;
- Conduct network scouting and analyses vulnerabilities of systems within a network;
- Identify methods that attackers could use to exploit system and network vulnerabilities and continuously research and study security threats and attack vectors;
- Make recommendations to enable effective remediation of vulnerabilities and cyber security gaps identified;
- Provide stakeholders with actionable recommendations derived from attack scenarios testing and findings;
- Include business considerations in security strategies and recommendations;
- Make recommendations to management to make mitigation and correction measures or accept risks when security deficiencies are identified during testing;
- Carry out vulnerability scanning on systems and both external and internal information assets;
- Report penetration testing and vulnerability assessment findings including risk level, proposed mitigation and details necessary to reproduce the test results;
- Conduct remote testing of a network to expose weaknesses in security defense measures or externally exposed systems;
- Plan and create penetration methods, scripts and tests as required for the scoped system under penetration test activity;
- Present test findings, risks and conclusions to technical and non-technical audiences;
- Explain business impact of vulnerabilities identified through testing to make case for addressing them;
- Test for vulnerabilities in web applications, client applications and standard applications;
- Identify foreign language terminology within computer programs (e.g., comments, variable names);
- Research current technology to understand cyber defense capability required by systems or networks;
- Provide timely notice of imminent or hostile intentions or activities as result of a vulnerability which may impact the organization's objectives, resources, or capabilities;
- Ensure penetration testing is carried out when required for new or updated applications;
- Conduct trial runs of programs and software applications to ensure that the desired information is produced, and instructions and security levels are correct;
- Coordinate with other cyber defense staff to validate network alerts and provide expert technical support to resolve cyber defense incidents.
Qualifications & Experience:
- Bachelor’s degree in Computer Science or Information Technology preferably at a post-graduate level;
- Related fields certification OSCP , CREST , GXPEN;
- 3-5 years of relevant experience in information security and penetration test.