Introduction

Boubyan Bank application Offensive Security Operations Team delivers next generation application security assessments and infrastructure penetration testing services. As part of the team, your primary responsibility will be performing hands penetration testing, threat modelling, security design reviews of some of Boubyan Bank most critical applications, platforms, and the perimeter. You will work with application developers to not only understand root cause and mitigate vulnerabilities, but also to identify where vulnerabilities can be identified earlier in the SDLC, follow up with internal teams to remediate discovered vulnerabilities, manage external penetration testing and red teaming projects with our Bank’s external vendors.

Successful candidates are expected to demonstrate an eagerness to learn, the drive to excel, excellent technical knowledge of security concepts and proven expertise in penetration testing and application security.

Job Responsibilities

• Conduct in-depth manual penetration tests, identifying vulnerabilities in Web/Mobile Applications.
• Conduct application security assessments, identify vulnerabilities and properly document findings and provide improvement recommendations.
• Conduct threat modelling for newly published and already developed applications.
• Detailed analysis of issues identified and exposure for the management including proof of concept, reproduction steps, and recommended remediation. And reporting on findings and vulnerabilities including presenting results to non-technical managers
• Develop customized tools and automation scripts to improve identification of vulnerabilities at scale
• Assisting in the continual development of the team and service through research and development activities. This includes the development of in-house tools the implementation of tools released to the community, and design and documentation of new and existing internal systems and processes.
• Undertaking projects and support tasks as appropriate to the role.

Preferred Qualifications

• Core computing skills including but not limited to:
• Networking fundamentals – understanding of OSI Model, TCP/IP, HTTP, DNS, SMB, SMTP and relevant tools.
• Microsoft Windows and Office proficiency along with proficiency in one or more Linux distributions.
• Strong knowledge of web application technologies and security assessment including but not limited to:
• REST APIs, SOAP APIs, XML and JSON formats.
• Vulnerability identification and exploitation (not limited to OWASP Top 10 for Web & Mobile).
• Experience with common application security assessment tools.
• Excellent time management including setting priorities and goals to complete assigned and arising tasks.
• Excellent report writing and presentation skills
• Excellent English speaking and writing skills.
• (Preferable to have) Good knowledge of internal and external infrastructure technologies and security assessment including but not limited to:
• Identification and exploitation of misconfigurations or known vulnerabilities in common enterprise infrastructure and services (Windows Domains, Linux servers, virtualization, databases, switches/routers, etc).
• Knowledge of a scripting language such as Python (preferred), Ruby, PowerShell, or Bash, for the development of new, or editing existing, tools.
• Evidence of rapidly and confidently gaining knowledge of, and applying knowledge of, emerging technologies, vulnerabilities, and penetration testing tools and techniques.
• (Preferable to have) Certifications: OSCP or GWAPT or GXPN.

What you get

• Hybrid working environment.
• Working with highly qualified colleagues from different cyber security sectors.
• Getting annual on-job trainings/certifications to increase employees’ skills and knowledge.
• Diversity of tasks from technical skills like penetration testing, code review to non-technical skills like: active communication and presentation to high board, should increase candidates’ set of skills.
• very competitive packages
  

• للتقديم الان