About the job: IT Security Specialist, Pentest

Job Responsibilities

  • Provide excellent support on all aspects of Information Security, IT Governance, IT Risk and IT Assurance.
  • Operate in a hands-on role involving penetration testing and vulnerability assessment of complex applications, operating systems, wired and wireless networks, and mobile applications/devices on a regular basis to identify vulnerabilities across several systems.
  • Analyze security policy configurations and provide recommendations based on industry best practices.
  • Produce actionable, threat-based reports on security testing results and present the findings to the head of department and management on an ongoing basis.
  • Conduct physical assessments of servers, systems, and network device security.
  • Coordinate and lead external and internal penetration testing projects and provide prompt updates to management.
  • Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation.
  • Promote information governance and security at all levels of management and employees, maintaining and developing a positive culture of compliance with industry standards and regulations.
  • Identify and address a full range of issues from structure and policy through to assisting in specific areas such as data privacy; data leakage prevention / monitoring; information rights management; third-party security and cryptography.
  • Develop and maintain security testing plans.

Job Requirements

  • 2 years of experience in network, application or mobile pentesting and security configuration review, or working experience in the financial / telecom / auditing industry.
  • Bachelor's Degree in Information Technology, Computer Science, Software Engineering or a related qualification, and/or demonstrated capability through past employment experience.
  • Over 2 years of experience in penetration testing or security configuration review.
  • Qualified and holding a skill-related certification (CySA+, CHFI, OSCP, OSCE) or an equivalent from a recognized certification body.
  • Proven experience implementing an information security management system (ISMS).
  • Proven ability to write easy-to-understand reports and deliver presentations on information risk management, systems process control and IT general control review reports.
  • Proven ability to work and communicate effectively and fluently with managers and staff, including the ability to explain complex technical issues in terms that non-technical managers and staff will understand.