Job # 1-
Cybersecurity Threat & Vulnerability Assessment and Management |
- Type: Full-Time contract
- 100% remote in Philippines
- Project Duration: min 36 months with possible extension
- Job Description
- The position requires hands-on experience in application security testing, vulnerability management, and governance. The team lead will support the Global Security Office's existing DevSecOps practice and embed security in SDLC phases. He will need to be familiar with common vulnerabilities and must be proficient in performing manual exploitation of vulnerabilities without the aid of automated tools.
- The responsibilities associated with the position are as follows:
- Must be familiar with top industry Application Security testing tools. (HCL AppScan, Checkmarx, Veracode, Burp Suite and Synopsys Seeker)
- Proficient in mobile application penetration testing android and iOS
- Proficient in Web application and infrastructure penetration testing
- Manual source code reviews of Client /Server-side programming languages and frameworks.
- Assist with implementing and designing automated security checks within the CI/CD.
- Participate in the implementation or deployment of new security tools and processes.
- Must have a strong command over HTTP request/response construction and the manipulation of these to achieve the desired results in exploiting various vulnerabilities.
- Should be familiar with Metasploit and Python.
- Good knowledge of security technologies for secure software development such as cryptography, authentication techniques, protocols etc.
- Expert in DevSecOps with hands-on experience in implementing security aspects in continuous integration, continuous delivery and deployment automation
- Strong oral communications and writing skills are a must.
- Must have a strong command over web application penetration testing or network infrastructure testing.
- Must be a self starter with strong organizational skills to enable navigation of the company to identify sponsors, stakeholders and interested parties.
- Qualifications
- Bachelor's degree within a science or related discipline.
- Good understanding of OWASP Top 10 vulnerabilities, SANS Top 25, OSSTMM, PTES, NIST standards.
- 2-3 years of direct experience in vulnerability and penetration testing.
- OSCP, OSWE, CEH and other technical certifications are a plus.
- A proficient in Jenkins, Docker, Java, Python, Ruby, Perl, Scripting YAML, SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing)
- Minimum 2 years experience in Software Development Life Cycle in one or more languages (Rust, Python, Go, Nodejs, etc.)
- 2 years experience of implementing and handling DevSecops Practice.
- Hands-on experience with Jenkins, Docker, Kubernetes and microservice architecture.
- A can do attitude team player who works well under pressure and with dispersed groups, worldwide.
Job #-2
- Job Role: Senior Security Engineer
- Location: Remote in Philippines only
- Type: Full-time Contract
- 36 Months + Project Duration
- Mode of Interview: Video
- Experience: 10 Years + Minimum for senior role and 5+ Years for Mid level role
- Benefits: NO
- PTO (Paid Time Off): NO
- Project Duration: Very Long Term
- * Bachelor's degree in Computer Science or an equivalent engineering discipline, with a robust understanding of cloud, application, network, and device security
- * Exposure to CISSP, CISM, SANS certifications, with a Cloud Certified Security Specialty ( Preferred ).
- * Working knowledge of NIST CSF and its application to energy infrastructure, coupled with experience in compliance and audit practices
- * Track record in obtaining SOC 2, ISO 27001, and GDPR compliance
- * Experience with security implementation and monitoring
- * Execute vulnerability management controls, programs, and standards
- * Conduct and distribute vulnerability assessments and reports
- * Work closely with business stakeholders to ensure risk is remediated appropriately and in a timely manner
- * Managing vulnerability exception requests and entering them into the vulnerability management system
- * Understands and respects chain of command in a professional Work environment - Familiarity with common vulnerabilities, CVEs, and CWEs
- * Familiarity with encryption and cipher technologies - Ability to navigate Service Now and fulfill requests
- * Able schedule vulnerability scans, create and modify scan templates, and Work within SLAs to ensure testing doesn't impact production systems
- * Extensive in conducting penetration testing, vulnerability assessment, Vulnerability Management, web and mobile application security testing and Phising Simulation using various tools such as Kali, Nessus, Burp, Tenable, Invicti (Netsparker), Qualys VM Qualys Was, Acunetix and Rapid 7/Nexpose.
