As per company policy.
B.Sc. in Computer Science/IT/ Engineering or related from any reputed university.
M. Sc in in Computer Science/IT/Related will be considered additional point
Experience in information security with web application and network penetration testing experience independently or with red team experience
Experience in performing network/application/mobile application/wireless penetration testing using tools or manual testing with various testing techniques.
Hands-on experience with two or more scripting languages such as Python, Powershell, Shell, or Ruby
Experience with full-stack (Linux / Unix) software architectures from UI to infrastructure.
Experience with micro-service, API-based agent, or service-oriented software architectures.
Experience with one or more IT security compliance frameworks, such as CIS, NIST, SOC2, PCI, GDPR, FISMA, HIPAA, FEDRAMP, or HITRUST
Experience in the evasion of monitoring & alerting systems (SIEM generated alerts, HIDS, EDR, Honeypots)
Relevant expertise in different areas like Active Directory, Operating systems
Experience with AWS or similar enterprise cloud and in containerized computing platforms
Experience with serverless architectures, and common virtualization techniques (hypervisors/containers/jails) and escapes/exploits from these environments.
Operations experience with CI/CD development or managing distributed systems
Web service assessment experience with authentication controls, session management, access controls, logic flaws, injection vulnerabilities, request smuggling, cloud privilege escalation, DOS attacks
Initial reconnaissance - open source intelligence (OSINT) for collecting information on the target.
Passionate about internet security issues and the threat landscape for popular software & services with the ability and desire to root-cause, mitigate, and explore deeper.
Strong understanding of security principles, policies, and industry best practices
Demonstrating knowledge of threat actors and the ability to replicate the tactics, techniques and procedures leveraged by adversaries
Explore the security vulnerabilities through White Box, Black Box, Gray Box ethical hacking
Will be considered as added advantage having the Certification: OSCP/CEH/OSWP/OSCE/OSEE/OSWE/CISSP/CREST
Excellent written & oral communicating skill
Business Communication skills
Highly skilled and very proficient vulnerability assessments, penetration testing, Red Team assessments
Exploit vulnerabilities of Internet exposed and internal systems in a controlled environment
Participate in red team engagements for the internal & public facing systems
Utilize Threat Modelling methodologies to identify threats
Focus on designing, researching, and executing real world attacks
Perform the relevant activities both manually and leveraging automated tools
Documenting technical issues identified during security assessments;
Analyze protection and monitoring gaps of the system, provide actionable steps for closing these gaps
Perform adversary simulation attacks to the systems to measure the ability to defend against advanced threats
Explain Technical vulnerabilities and their impact to technical and non-technical audience
Guide development team on secure software development as part of DevSecOps practice.
Robi Axiata, the 2nd largest mobile network operator in Bangladesh currently owned by two major stakeholders being Axiata and Bharti Airtel.
Robi is now hiring “Manager, DevSecOps, Red Team, New Core Planning”.
For Robi Users Call 121
For Non Robi Users Call 01819400400
Write Us Email firstname.lastname@example.org
Interested candidates may apply through the given link.
Published on: Thu 10 Mar 2022
Preferred Age: N/A
Gender: Both males and females are allowed to apply
Job Location: Dhaka, Bangladesh
Employment Type: Full-time
Application Deadline: Sun 20 Mar 2022