Job title: Offensive Security Assessment Sr. Specialist
Company: Emirates NBD
Job description: Job Description:The Offensive Security Assessments Manager will manage and conduct covert targeted penetration testing for Emirates NBD installations and controls through focused threat based methodologies as a simulated adversary to expose and exploit vulnerabilities to improve Cyber readiness and review security controls and system configurations across IT systems across the group to ensure their security posture and compliance. The candidate is expected to
- Manage and maintain the Offensive Security Assessment program as part of the Threat and Compliance (TCM) Charter and associated operating procedures based on the requirements of Emirates NBD policy, audit, compliance and regulatory requirements
- Maintain and manage Emirates NBD threat modelling framework and operationalize these models into the offensive security assessment program
- Collect open source intelligence on threats and vulnerabilities applicable to Emirates NBD technology stack
- Carry out scenario based war gaming activities
- Ensure threat controls and systems are reviewed for appropriate, effective and optimal configuration across the Group
- Participate in event planning stages to develop Cyber assessment plans and conduct assessment tests against Emirates NBD group installations & controls
- Identify and track IT risks and gaps that are remediated through operational activities or treated via risk management process.
- Responsible for threat activity reporting and insight on the IT technology assets used by the group.
- Managing planned and ad-hoc review and reporting requests from stakeholders across Emirates NBD Group IT and business functions
- Develop attack vectors, exploit payloads and backdoors as necessary for the successful execution of the Offensive Security Assessment program
- Contribute on Offensive Security automation initiatives
- Conduct periodic Purple/Red Team assessments and other attack simulation goals.
- Programming language proficiency in one or more languages C, C++, Python, CSharp, ASM etc.
- Prepare and deliver technical and management reports and presentations
- Prioritize business requirements and manage backlogs for team deliveries
- Accountable for stakeholder engagement and relationships to deliver security assessments as per TCM Charter
- Periodically assess the security of operationalized infrastructure and application technologies by them for weaknesses in order to protect customers and employees from attacks
- Ensure superior quality of data is depicted with respect to threats affecting the organization for effective decision making on investments in information security by executive management
- Research and implement new and innovative technologies and processes that help increase productivity, enhance stakeholder satisfaction and contributed to security maturity of the organization
- Stakeholder Management – Build lasting relationships with technical and business stakeholders in order to create a coherent and collaborative environment that helps influence remediation and garner stakeholder support for investments in information security
Key Requirements:
- Bachelors or Master’s Degree in Computer Science, Mathematics or equivalent discipline
- Master’s Degree in Business Management or equivalent
- Certifications such as CISSP, OSCP, OSCE, OSEP, OSWE, CREST, GPEN, SANS GXPN
- Experience with Bash scripting, Perl, Java, Python or R
- Experience with malware analysis tools
- Experience with mobile and digitization platforms
- Experience with platforms like Cloud, DBMS (SQL or NoSQL based), Containerization Technologies & Micro services/API based architecture
- Experience with MITRE Att&ck Framework
- Security Ninja with Analytical Thinking ability that thinks 3-4 steps ahead of an attacker and anticipates various attack / threat vectors (Thinking Related)
- Innovative and Out of the Box based approach to breaking controls and then improving them (Thinking)
- Collaborative leadership style that involves managing downward, coaching employees and building lasting relationships with business and technical stakeholders (People Related)
- Is transparent, accepts responsibility and takes accountability; accepts mistakes and learns from them (Self Related)
- Team Player who believes in working together; listen to other’s ideas; communicate accurately and concisely (People Related)
- Possesses high emotional intelligence in order to be able to manage self when dealing with discovery of critical threats and what actions to take on them (Self Related)
- Empathizes with team mates and stakeholders alike and understands on-the-ground reality situations, especially when influencing remediation (Self Related)
- Creates awareness/development of skills conducive to threat simulations/adapt skills to testing methods such as reverse engineering, password cracking, social engineering, infrastructure and application attacks (People)
About Us:ENBD Meet the leading banking group in the regionEmirates NBD, the leading Banking Group in the MENAT region, was formed on 19 June 1963, when H.H. Late Sheikh Rashid bin Saeed Al Maktoum signed the Charter of Incorporation of the National Bank of Dubai (NBD) which became the first National Bank established in Dubai and the United Arab Emirates (UAE). With the blessings of H.H. Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE and Ruler of Dubai, NBD merged with Emirates Bank International (EBI) on 06 March 2007, to form Emirates NBD, the largest banking group in the region by assets. On 16 October 2007, the shares of Emirates NBD were officially listed on the Dubai Financial Market (DFM). The merger between EBI and NBD to create Emirates NBD, became a regional consolidation blueprint for the banking and finance sector as it combined the second and fourth largest banks in the UAE to form a banking champion capable of delivering enhanced value across Corporate, Retail, Islamic, Investment, and Private Banking, Global Markets & Treasury, Asset Management and Brokerage operations throughout the region.
Expected salary:
Location: United Arab Emirates
Job date: Sun, 12 Jan 2025 07:26:13 GMT
To help us track our recruitment effort, please indicate in your email/cover letter where (jobsnear.pro) you saw this job posting.Thanks&Good Luck