Audit Cybersecurity Specialist (Penetration Tester)

Jago is a fully digital bank that breaks all of the stereotypes! It puts modern technology at its core, delivering meaningful and reliable services that redefine what it means to manage money. We are pushing boundaries to deliver solutions that will change the lives of millions of users. Jago empowers you as a Cybersecurity assurance specialist to think creatively to solve problems that might not usually push to the limelight but are very much relevant and critical to the growth of our customers.

At Jago, you will be working together with highly motivated people with diverse backgrounds. From the finance industry such as banking and payment, to lifestyle such as e-commerce and consumer electronics. What we have in common is the drive to make something exciting and transformative in a way of opening up new possibilities of what a bank app should be able to.

Internal Audit Cybersecurity Assurance has a unique role in which you are responsible to provide core assurance over the cybersecurity health of the company, to help the organization move at full speed, yet being reassured that safety protocols are always in tack.

Key Accountabilities

• Validate appropriate implementation of cybersecurity controls.
• Acts as a trusted advisor to the IT / Cybersecurity organization and management.
• Work closely with security experts from multiple industries to improve their solutions by tackling the root cause of the issues and find innovative solutions to modern challenges
• Conduct research on latest developments in IT security technologies and threats.
• Perform ethical hacking activities (e.g., mobile/web application pentest, infrastructure testing, including custom assessments etc.) as part of the cyber security audit, and design attack scenarios for state-of-the-art technologies.
• Participates in a broad range of review and assurance activities to assess the cybersecurity posture of the Bank and identify control weaknesses.
• Highlight important observations, translate technical findings into management information so that they can take effective actions.

Qualifications

• Experience with security penetration testing tools e.g. Nessus, Metasploit, Burp Suite etc.
• Demonstrated experience in capture the flag (CTFs) events, bug hunting or vulnerability research (CVEs) is a plus.
• Experience with various operating systems i.e.: Linux, Unix, Windows, as well with languages like Bash, Python, Ruby, Powershell, Java, and C++ / C# etc.
• Knowledge and experience of Cloud security and Container security.
• Practical experience on DevSecOps tools like Puppet, Jenkins, Git, Docker, or Kubernetes, SAST, DAST, etc.
• 5 years of working experience as Information Security Specialist, Pentester or IT Auditors.
• Professional security certification(s) such as CISA, CISSP, OSCP, GIAC will be an advantage
• Experience with one or more of the following aspects: application and software security, blue / red teaming, industrial security controls, network security, IT operations, penetration testing, risk and vulnerability assessment, investigative techniques, authentication and access management systems, etc.
• Knowledge on standard and advanced defense & remediation techniques and processes (i.e. OWASP, NIST, ATT&CK)