Brac Bank PLC is looking for Manager, Offensive Security & Research 2026 in Dhaka
Job Responsibilities:
- Conduct comprehensive manual and automated penetration testing of web, mobile and API to uncover application-layer vulnerabilities.
- Analyze architectural weaknesses and validate findings to eliminate false positives.
- Produce high-quality technical reports and guide development teams through remediation.
- Develop custom scripts, payloads, and exploits to test the limits of existing security controls.
- Perform penetration testing on networks, operating systems, and network devices to harden infrastructure.
- Map external attack surfaces and collaborate with stakeholders to minimize exposure.
- Build capabilities to audit, analyze, and manage Software Composition Analysis (SCA) and Software Bill of Materials (SBOM).
- Research emerging technologies, novel attack vectors, and advanced persistent threat (APT) techniques.
- Evaluate AI/ML models, pipelines, and integrations for unique vulnerabilities like prompt injection and data poisoning
- Embed automated security testing, tooling, and continuous feedback loops into CI/CD development pipelines.
- Evaluate risks and develop security standards, procedures, and controls to manage risks.
- Ensure organizational adherence to regulatory frameworks such as ISO 27001, NIST, PCI-DSS or GDPR. Manage audit preparation, evidence collection, and gap assessments.
- Stay informed about cyber trends, threats, and vulnerabilities to proactively address potential security risks.
Location:
BangladeshBenefits
Visit the official link
Eligibilities
Job Requirements:
- Post Graduation/graduation from a UGC-approved university with a satisfactory academic track record, preferably in Computer Science, Cybersecurity, or a related field.
- Minimum 8 -10 years of working experience in Information Security or a minimum of 6 years’ experience in Application/Database/Offensive Security as primary responsibility.
- Strong knowledge of web, mobile, and API security (OWASP Top 10, CWE/SANS Top 25), cloud security (AWS/GCP/Azure), CI/CD environments and DevSecOps practices.
- One or more of the following professional certifications are expected, e.g. OSCP, CEH, CRTO, CRTE, LPT, OSWE, GWAPT, CSSLP etc.
- Deep understanding of network protocols, operating systems, and cloud environments.
- Advanced proficiency with industry tools like Burp Suite, Metasploit, Cobalt Strike, and various open-source security frameworks.
- High proficiency in programming or scripting languages like Python, Bash, Go, or .NET for tooling and automation.
- Knowledge of secure software design principles and Secure SDLC methodologies.
- Proficient in at least one programming language (e.g., Java, Python, JavaScript, .NET, LLM).
- Excellent interpersonal, presentation, verbal and written communication skills with the ability to document and explain processes and procedures to business and technical stakeholders.
- Customer-centric, self-motivated, a team player, and capable of meeting deadlines.
Application Process
To apply click, “Apply Now” or visit the official link.
Application Deadline: June 14, 2026 (8 Hours Remaining)
Apply nowOfficial linkFor Further Queries
Visit the official link
Disclaimer: Youth Opportunities spreads opportunities for your convenience and ease based on available information, and thus, does not take any responsibility of unintended alternative or inaccurate information. As this is not the official page, we recommend you to visit the official website of opportunity provider for complete information. For organizations, this opportunity is shared with sole purpose of promoting “Access to Information” for all and should not be associated with any other purposes.
