Offensive Manager

Full Time Phnom Penh Posted 3 weeks ago

Technology

JOB RESPONSIBILITIES

  • 100% is to focus on leading offensive teams, planning offensive programs, developing and carry out VAPT program to align with internal controls, security compliance within IT infrastructure and development to mitigate security risk to acceptable level.
  • Lead offensive team members to conduct VAPT.
  • Prepare, plan and schedule periodic security/configuration audits and security vulnerability scanning, penetration testing, red team exercise.
  • Develop and carry out VAPT program.
  • Develop and carry out red team operations.
  • Build hacking/attacking tools, setup, implement and tuning security tools.
  • Coordinate/support annual external red team operation, penetration test.
  • Assess current information systems, process for vulnerabilities, weakness for possible upgrades or improvement.
  • Recruiting, training and mentor offensive/defensive team members.
  • Create, build, and maintain VAPT reports.
  • Deliver finding reports and explain the problem, solutions to related stakeholders.
  • Work and verifying the security of third-party vendors and collaborating with them to meet security requirements.
  • Coordinate between internal and external firm Audit, NBC and others
  • Coordinate between internal and external security assessment firms
  • Coordinate between internal and external PCI-DSS or ISO standard firms to completed project

JOB REQUIREMENTS

  • Graduated bachelor degree of Information Technology, preferably in the field of Computer Science.
  • Completed or certified any security course like CPENT, OSCP, PenTest+, GPEN,
  • Self-learning any security related course or own lab development is advantaged.
  • An adversarial mindset
  • At least 5 years of experience in IT security or relevant skills
  • Experience in leading team, lead projects
  • Understanding of the MITRE ATT&CK framework
  • Understanding Cyber Kill Chain framework
  • Understanding Top 25 Most Dangerous Software Weaknesses
  • Understanding OWASP top 10 web/API and cloud security risk
  • Understanding CVE, CWE, CPACE, CVSS
  • Understanding OSINT framework
  • Understanding cybersecurity principles
  • Understanding or knowledge of security product, Firewall, AV, EDR/MXDR, and any other similar security solutions.
  • Experience in working with OS: Windows Server, Linux (red hat/CentOS), container and VMware.
  • Experience in networking and understanding of OSI/TCP-IP model.
  • Experience with applications/service like web server, DNS, mail server, database, etc.
  • Experience or knowledge of multiple programming languages especially python, java, Go, Ruby and scripting.
  • Experience in penetration testing, security assessment.
Apply