Robi is hiring General Manager, DevSecOps, New Core Planning 2022 in Dhaka
- Manage a team of highly skilled offensive security professionals of DevSecOps/RedTeam having application security assessments in continuous software development cycle maintaining the quality deliver.
- Lead & Participate in managing internal attack to internal/public facing systems, development of internal toolsets and applications to support the team.
- Lead and participate exploiting vulnerabilities of Internet exposed and internal systems in a controlled environment
- Should be highly skilled and very proficient in vulnerability assessments, penetration testing, Red Team assessments
- DevSecOps/Red Team capability development – tools, techniques and tradecraft;
- Scoping and managing various penetration testing assessments
- Explain Technical vulnerabilities and their impact to technical and non-technical audience
- Develop methodologies to extrapolate from Red Team insights to generic security assurance checks
- Guide development team on secure software development as part of DevSecOps practice
- Organize, adapt & ensure DevSecOps best practice among the relevant stakeholders
Robi Axiata Limited is a public limited company, where Axiata Group Berhad of Malaysia holds the controlling stake of 61.82%, Bharti Airtel of India holds 28.18%, and general public holds the remaining 10% stake. The company made its debut in the country’s twin stock markets in Dhaka and Chattogram on the 24th of December 2020 with the largest ever IPO.The company commenced operation in 1997 as Telekom Malaysia International (Bangladesh) with the brand name ‘Aktel’. In 2010, it was rebranded as ‘Robi’ and the company changed its name to Robi Axiata Limited.
Check the official link
- B.Sc. in Computer Science/IT/ Engineering or related from any reputed university.
- M. Sc in in Computer Science/IT/Related will be considered additional point
- Experience leading other consultants as a direct manager or as a leader of a team on a penetration testing assessment
- Six or more years of experience in performing network/application/mobile application/wireless penetration testing
- Good knowledge of network, application, and wireless security testing to include using tools, manual testing, and various testing techniques.
- Experience with full-stack (Linux / Unix) software architectures from UI to infrastructure.
- Experience with micro-service, API-based agent, or service-oriented software architectures.
- Operations experience with CI/CD development or managing distributed systems
- Web service assessment experience with authentication controls, session management, access controls, logic flaws, injection vulnerabilities, request smuggling, cloud privilege escalation, DOS attacks
- Initial reconnaissance – open source intelligence (OSINT) for collecting information on the target.
- Experience with one or more IT security compliance frameworks, such as CIS, NIST, SOC2, PCI, GDPR, FISMA, HIPAA, FEDRAMP, or HITRUST
- Passionate about internet security issues and the threat landscape for popular software & services with the ability and desire to root-cause, mitigate, and explore deeper.
- Experience in the evasion of monitoring & alerting systems (SIEM generated alerts, HIDS, EDR, Honeypots)
- Strong understanding of security principles, policies, and industry best practices
- Demonstrating knowledge of threat actors and the ability to replicate the tactics, techniques and procedures leveraged by adversaries
- Relevant expertise in different areas like Active Directory, Operating systems
- Experience with AWS or similar enterprise cloud and in containerized computing platforms
- Explore the security vulnerabilities through White Box, Black Box, Gray Box ethical hacking
- Experience with serverless architectures, and common virtualization techniques (hypervisors/containers/jails) and escapes/exploits from these environments.
- Excellent Java development skills using J2SE / J2EE, Springboot Microservices (Rest API).
- Hands on Experience on Various Security Tools as part of Devsecops with SAST and DAST tools.
- Experience in performing Software Quality & security testing.
- Will be considered as added advantage having the Certification: OSCP/CEH/OSWP/OSCE/OSEE/OSWE/CISSP
To apply click “Apply now” or visit the official link
Application Deadline: January 31, 2022Application ClosedOfficial link