Robi is hiring Manager, DevSecOps, Red Team, New Core Planning ,2022 in Dhaka
- Highly skilled and very proficient vulnerability assessments, penetration testing, Red Team assessments
- Exploit vulnerabilities of Internet exposed and internal systems in a controlled environment
- Participate in red team engagements for the internal & public facing systems
- Utilize Threat Modelling methodologies to identify threats
- Focus on designing, researching, and executing real world attacks
- Perform the relevant activities both manually and leveraging automated tools
- Documenting technical issues identified during security assessments;
- Analyze protection and monitoring gaps of the system, provide actionable steps for closing these gaps
- Perform adversary simulation attacks to the systems to measure the ability to defend against advanced threats
- Explain Technical vulnerabilities and their impact to technical and non-technical audience
- Guide development team on secure software development as part of DevSecOps practice
Robi Axiata Limited is a public limited company, where Axiata Group Berhad of Malaysia holds the controlling stake of 61.82%, Bharti Airtel of India holds 28.18%, and general public holds the remaining 10% stake. The company made its debut in the country’s twin stock markets in Dhaka and Chattogram on the 24th of December 2020 with the largest ever IPO.The company commenced operation in 1997 as Telekom Malaysia International (Bangladesh) with the brand name ‘Aktel’. In 2010, it was rebranded as ‘Robi’ and the company changed its name to Robi Axiata Limited.
Check the official link
- Experience in information security with web application and network penetration testing experience independently or with red team experience
- Experience in performing network/application/mobile application/wireless penetration testing using tools or manual testing with various testing techniques.
- Hands-on experience with two or more scripting languages such as Python, Powershell, Shell, or Ruby
- Experience with full-stack (Linux / Unix) software architectures from UI to infrastructure.
- Experience with micro-service, API-based agent, or service-oriented software architectures.
- Operations experience with CI/CD development or managing distributed systems
- Web service assessment experience with authentication controls, session management, access controls, logic flaws, injection vulnerabilities, request smuggling, cloud privilege escalation, DOS attacks
- Initial reconnaissance – open source intelligence (OSINT) for collecting information on the target.
- Experience with one or more IT security compliance frameworks, such as CIS, NIST, SOC2, PCI, GDPR, FISMA, HIPAA, FEDRAMP, or HITRUST
- Passionate about internet security issues and the threat landscape for popular software & services with the ability and desire to root-cause, mitigate, and explore deeper.
- Experience in the evasion of monitoring & alerting systems(SIEM generated alerts, HIDS, EDR, Honeypots)
- Strong understanding of security principles, policies, and industry best practices
- Demonstrating knowledge of threat actors and the ability to replicate the tactics, techniques and procedures leveraged by adversaries
- Relevant expertise in different areas like Active Directory, Operating systems
- Experience with AWS or similar enterprise cloud and in containerized computing platforms
- Explore the security vulnerabilities through White Box, Black Box, Gray Box ethical hacking
- Experience with serverless architectures, and common virtualization techniques (hypervisors/containers/jails) and escapes/exploits from these environments.
- Will be considered as added advantage having the Certification: OSCP/CEH/OSWP/OSCE/OSEE/OSWE/CISSP/CREST
- Excellent written & oral communicating skill
- CI/CD pipelines
- Team Player
- Business Communication skills
To apply click “Apply now” or visit the official link
Application Deadline: January 31, 2022Application ClosedOfficial link