(B) Sr. Security Consultant, Threat & Vulnerability Management

•  Provide technical expertise required to carry out internal and external security assessment exercises.
•  Perform vulnerability assessment, penetration testing, web and mobile application testing, source code review and wireless network assessments.
• Manage and participate in all stages of a Vulnerability Management including planning, scanning, tracking and remediation.
• Champion security research activities and planning required to carry out successful vulnerability assessment operations.
• Create and provide executive reports and presentations to non-technical audience, highlighting outcomes of security assessment exercises, recommendations and remediation timelines.
• Work with external parties to coordinate and / or conduct security assessments.
• Support compliance objectives; to meet BNM and PCI-DSS standards.
• Define and develop agenda for training and educating security professionals on Application Pentesting.
• Improve, update and maintain SOP and Security Assessment Guidelines.
• Support VA related Operational Readiness activities required for new assets.
• Assist in on-going audit exercises and act as a pivotal person to handle audit inquiries coming from external auditors and business units

Competencies:

• Bachelor's degree in Computing/Information Technology or equivalent
• The incumbent should preferably have 3-5 years of experience in a Banking industry or similar environment, e.g. a demanding service industry where employees are able to work under pressure.
• 3-5 years' experience in at least three of the following:

1. Network penetration testing and manipulation of network infrastructure 
2. Mobile and/or web application assessments  Vulnerability Assessment
3. Shell scripting or automation of simple tasks using Perl, Python, or Ruby
4. Developing, extending, or modifying exploits, shellcode or exploit tools
5. Developing applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE)
6. Reverse engineering malware, data obfuscators, or ciphers
7. Source code review for control flow and security flaws

• Be fluent with common security vulnerabilities, design and configuration flaws, and security best practices.
  
• Strong knowledge of tools used for wireless, web application, and network security testing.
  
• Experience with one or more security tools and products (Nessus, Qualys, Acunetix, Kali, Metasploit, Nmap, Burpsuite, etc.)
  
• Demonstrate proficiency in performing application security testing using both automated and manual approaches;
  
• Thorough understanding of network protocols, data on the wire, and covert channels.
  
• Mastery of Unix/Mac/Windows operating systems, including bash, and Powershell.
  
• Highly self-motivated and driven.
  
• Ability to act calmly and competently in high-pressure, high-stress situations and Standby.
  
• Ability to document and explain technical details in a concise, understandable manner.
  
• Strong presentation skills with proven ability to successfully interface with and influence at all levels (management, executive, technical staff and end user).
  
• Possess Any of the following security certifications: OSCP, OSCE, CISSP, CISM, GIAC (GXPN, GWAPT, GPEN, GMOB), CREST Certified Simulated Attack Specialist (CCSAS), CREST Registered Penetration Tester (CRPT)
  
• Strong oral and written communication skills in English are required.
  
• Ability to translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stake-holders.