Vulnerability Analyst & Pen-Tester
Thailand
True Digital Group
Enabling Digital Transformation As a subsidiary of True Corporation, a leading communications conglomerate in Thailand, True Digital Group (TDG) ambition is to transform Thailand and the region for digital revolutions. uncover new...Our team's mandate is to provide world-class service in Cyber Security as the leading Cyber Security service provider in Thailand and ASEAN Market. You will be joining TDG's Cyber Security team to protect our clients from cybercrime and support multifaceted countermeasures against cyber attacks by Threat Intelligence and remediation automation.
The Threat Intelligence and Vulnerability Analyst (TIVA) is responsible for providing a combination of strategic, tactical and operational intelligence to the MDR Centre and its constituency. They gather and analyse tactical cyber threat and vulnerabilities intelligence and provide timely intelligence support to incident responders and guidance to threat hunter.
Key Responsibilities
- Performs security vulnerability assessment and penetration testing of internal, perimeter, external and wireless network and web and mobile applications.
- Identifies security weaknesses and vulnerabilities, and non-compliance within the MDR Centre constituency.
- Characterises threats and provides recommendations for remediation.
- Advises appropriate business units on technical configuration and process changes, remediation and best practices to adapt to changing threats, vulnerabilities and new attack methods.
- Conducts follow up assessment to ensure proper action has been taken.
- Researches and develops testing tools, technique and process.
- Maintains, executes and refines processes to monitor, collect and update information about threats and vulnerabilities.
Qualifications
- Bachelor degree in a related field such as information security, management or computer engineering.
- Experience in security incident management and response, threat modelling, penetration testing and/or secure application development.
- Active CISSP, CISA & CISM certifications are good to have.
- Other relevant certifications (such as GCIH, GCIA, GCFA, GPEN, CEH, GWAPT, CEH and others) are desirable.
- Experience in architecture design and assessment (manual approach to penetration testing).
- Good working knowledge of security concepts for both Windows and Unix related operating Systems.
- Familiar with application and infrastructure vulnerabilities.
- Experience with exploit research and mitigation.
- Good working experience using various assessment tools, such as scanners, administrative utilities, local proxies, debuggers, fuzzier, etc.
- Good working knowledge of web technologies, solutions and attack vectors that apply to application technologies, such as OWASP.
- Experience with threat modelling methodologies.
- Experience with security source code review or development experience in C/C++, C#, VB.NET, ASP, or Java.
- Familiar with application reverse engineering techniques and procedures.
- Good working knowledge of IDS and AV evasion techniques.
- Working experience in a MDR Centre, Security Operations Centre (SOC), Managed Security Service (MSS), or enterprise network environment preferred.
OUR COMMITMENT TO YOU
We value our people and have the mission to attract and retain exceptional talent. We work in a truly agile environment where opinions are encouraged collaboration…. everyone has an opinion….opinions are valued…..and have no time for finger pointing and politics, instead we test & learn and celebrate successes as a team.
We will provide a training and coaching program to all our team members, tailored to your development needs and aspirations. This can cover a wide range of skills, like mastering new technologies, further developing your skills in presenting to a non-technical audience or supporting you to grow in a leadership position.
OUR OFFER
Employee Provident Fund – Annual Bonus - Annual health check-up - Medical Service @Workplace – Medical Expense Reimbursement - Health & Life Insurance - Fitness, Spa, Day care – Employee Privileges – Employee Loan - Education Loan - Scholarship for Employees' Children - Learning Center - Staff Activities - Smart Casual
Tags: Agile Automation C C++ CEH CISA CISM CISSP Compliance Cyber crime Exploit GCFA GCIA GCIH GPEN GWAPT IDS Java OWASP Pentesting Reverse engineering SOC Threat intelligence UNIX Vulnerabilities Windows
Perks/benefits: Career development Fitness / gym Salary bonus
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Forensics-related jobs
- Open Kubernetes-related jobs