Vulnerability Analyst & Pen-Tester

Our team's mandate is to provide world-class service in Cyber Security as the leading Cyber Security service provider in Thailand and ASEAN Market. You will be joining TDG's Cyber Security team to protect our clients from cybercrime and support multifaceted countermeasures against cyber attacks by Threat Intelligence and remediation automation.

The Threat Intelligence and Vulnerability Analyst (TIVA) is responsible for providing a combination of strategic, tactical and operational intelligence to the MDR Centre and its constituency. They gather and analyse tactical cyber threat and vulnerabilities intelligence and provide timely intelligence support to incident responders and guidance to threat hunter.

Key Responsibilities

• Performs security vulnerability assessment and penetration testing of internal, perimeter, external and wireless network and web and mobile applications.
• Identifies security weaknesses and vulnerabilities, and non-compliance within the MDR Centre constituency.
• Characterises threats and provides recommendations for remediation.
• Advises appropriate business units on technical configuration and process changes, remediation and best practices to adapt to changing threats, vulnerabilities and new attack methods.
• Conducts follow up assessment to ensure proper action has been taken.
• Researches and develops testing tools, technique and process.
• Maintains, executes and refines processes to monitor, collect and update information about threats and vulnerabilities.

Qualifications

• Bachelor degree in a related field such as information security, management or computer engineering.
• Experience in security incident management and response, threat modelling, penetration testing and/or secure application development.
• Active CISSP, CISA & CISM certifications are good to have.
• Other relevant certifications (such as GCIH, GCIA, GCFA, GPEN, CEH, GWAPT, CEH and others) are desirable.
• Experience in architecture design and assessment (manual approach to penetration testing).
• Good working knowledge of security concepts for both Windows and Unix related operating Systems.
• Familiar with application and infrastructure vulnerabilities.
• Experience with exploit research and mitigation.
• Good working experience using various assessment tools, such as scanners, administrative utilities, local proxies, debuggers, fuzzier, etc.
• Good working knowledge of web technologies, solutions and attack vectors that apply to application technologies, such as OWASP.
• Experience with threat modelling methodologies.
• Experience with security source code review or development experience in C/C++, C#, VB.NET, ASP, or Java.
• Familiar with application reverse engineering techniques and procedures.
• Good working knowledge of IDS and AV evasion techniques.
• Working experience in a MDR Centre, Security Operations Centre (SOC), Managed Security Service (MSS), or enterprise network environment preferred.

OUR COMMITMENT TO YOU

We value our people and have the mission to attract and retain exceptional talent. We work in a truly agile environment where opinions are encouraged collaboration…. everyone has an opinion….opinions are valued…..and have no time for finger pointing and politics, instead we test & learn and celebrate successes as a team.

We will provide a training and coaching program to all our team members, tailored to your development needs and aspirations. This can cover a wide range of skills, like mastering new technologies, further developing your skills in presenting to a non-technical audience or supporting you to grow in a leadership position.

OUR OFFER

Employee Provident Fund – Annual Bonus - Annual health check-up - Medical Service @Workplace – Medical Expense Reimbursement - Health & Life Insurance - Fitness, Spa, Day care – Employee Privileges – Employee Loan - Education Loan - Scholarship for Employees' Children - Learning Center - Staff Activities - Smart Casual