Vulnerability Analyst and Penetration Tester

Be A Part Of TDG

We aim to be an integral part of Thai consumers’ everyday digital activities. As the leading figure in this field, our highest objectives are to deliver integrated digital lifestyle, point and pay, and enable technology service provider in Thailand with regional presence. With our merchants covering all facets of daily lifestyle and transactions, we firmly believe that our key target of being the prime digital media and telco ecosystem is within our reach.

Why Work With Us?

To us, the word digital does not merely translate to technology, but it signifies something far more revolutionary and life-changing. As a start up corporation, we have prime leaders and experts from various industries that seek to enhance you professionally and grow together as a company. Accompanied by creative and data-minded specialists, we believe in extraordinary happenings.

TDG Cyber Security

Our team's mandate is to provide world-class service in Cyber Security as the leading Cyber Security service provider in Thailand and ASEAN Market. You will be joining TDG's Cyber Security team to protect our clients from cybercrime and support multifaceted countermeasures against cyber attacks by Threat Intelligence and remediation automation.

Key Responsibilities

• Performs security vulnerability assessment and penetration testing of internal, perimeter, external and wireless network and web and mobile applications.
• Identifies security weaknesses and vulnerabilities, and non-compliance within the MDR Centre constituency.
• Characterizes threats and provides recommendation for remediation.
• Advises appropriate business units on technical configuration and process changes, remediation and best practices to adapt to changing threat, vulnerabilities and new attack methods.
• Conducts follow up assessment to ensure proper action has been taken.
• Researches and develops testing tools, technique and process.
• Maintains, executes and refines processes to monitor, collect and update information about threats and vulnerabilities

Qualifications

• Bachelor degree in a related field such as information security, management or computer engineering.
• Experience in security incident management and response, threat modelling, penetration testing and/or secure application development.
• Active OSCP, GPEN, GWAPT, GXPN, CEH, ECSA, LPT certifications good to have.
• Other relevant certifications (such as GCIH, GCIA, GCFA and others) desirable.
• Experience in architecture design and assessment (manual approach to penetration testing).
• Good working knowledge of security concepts for both Windows and Unix related operating Systems.
• Familiar with application and infrastructure vulnerabilities.
• Experience with exploit research and mitigation.
• Good working experience using various assessment tools, such as scanners, administrative utilities, local proxies, debuggers, fuzzier, etc.
• Good working knowledge of web technologies, solutions and attack vectors that apply to application technologies, such as OWASP.
• Experience with threat modelling methodologies.
• Experience with security source code review or development experience in C/C++, C#, VB.NET, ASP, or Java.
• Familiar with application reverse engineering techniques and procedures.
• Good working knowledge of IDS and AV evasion techniques.
• Working experience in a MDR Centre, Security Operations Centre (SOC), Managed Security Service Provider (MSSP) or enterprise network environment preferred