Expert Cyber Security & Software PEN Tester
JAZZ – Digital Financial Services
Last Date to Apply: Sunday, 16th February 2020
As one of the leading employers in the country, Jazz epitomizes the philosophy that each Jazz employee is passionately living a better every day inspired and enabled by visionary leadership, a unique professional culture, a flourishing lifestyle, and continuous learning and development.
Our Team & You
As one of the largest private sector organizations in Pakistan, our objective is to continue to change the lives of our 57 million+ customers for the better. This is an opportunity for someone who wants to be part of something transformative, someone who can play a critical role in driving our success. Together, we can empower millions more with the tools necessary to progress in an increasingly digital economy.
What will the first 30-60-90 days in the job look like?
-Within 30 days you will:
· Attend and graduate from our company-wide onboarding process along with a detailed orientation program where you will learn about Jazz’s core values, business, and products.
· Meet the relevant stakeholders concerning your team.
· Develop understanding of your division, function, its structure, and your role within the team.
· Develop understanding of information security policies and procedures.
-Within 60 days, you will:
· Get to know your relevant stakeholders e.g. business, infrastructure, compliance, bank, product development, architecture, finance and fraud management, revenue assurance, AML teams.
· Recommend ways to develop a robust application security architecture.
· Recommend ways to analyze different cyber frauds/breaches and develop countermeasure controls.
· Recommend ways to avoid security loopholes to the software development & architecture team.
· Analyze existing applications and platform, and share recommendations with the team to mitigate the issues.
-From 90 days onwards, you will:
· Perform full vulnerability assessment and penetration testing of all applications.
· Be involved in investigating information security / finance-related incidents and identifying loopholes in the impacted system/application.
· Become a leading member of the incident response team in case of security breaches or frauds due to application flaws.
· Make a plan to interrupt each requirement phase for each new product and suggest information security recommendations to all stakeholders
A Bit about You:
We are looking for someone who has delivered on challenging projects and has taken end-to-end responsibility from planning to production. Prior experience of Mobile Financial Services, Banking / Telecom industry will be an added advantage.
We are looking for someone who has a BS/MS in information security and 5-6 years of experience with information security practices. Application security management, vulnerability management, system hardening techniques, and application penetration testing are key skills for meeting the performance expectations of this role. The candidate should have excellent verbal and written communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences, along with a professional security certification such as Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), a penetration testing certificate, or Offensive Security Certified Professional (OSCP).
· Will design, develop and maintain a robust application security framework
· Will identify loopholes in the developer/security systems of built servers, web portals/dashboards, user applications of Jazz.
· Ensures the security / data protection for applications vulnerable to external hackers.
· Detects bugs/errors embedded in the source code of Android/iOS/other language-based apps.
· Analyzes the communication path/matrix of applications to track host servers and IP addresses accordingly.
· Performs relevant preventive measures to prevent leakage of confidential/sensitive information.
· Reports cyber scams, phishing/malicious links/content and fraudulent financial activities with relevant evidence to the concerned authorities.
These responsibilities are carried out WITH the objective of ensuring the safety of confidential and sensitive organizational data and the prevention of Internet scams and frauds for smooth business processes, WITHIN the limits of the organization’s SOP, departmental KPIs and operating frameworks, and directions and guidelines from supervisors and line managers.
A Bit about Us:
· The DFS Technology team comprises the following sub-teams:
o Product Development
o Product Architecture
o Software Development
o Service Operations
o Service Assurance & Monitoring Team.
o Information Security Team
· IS Team members will be responsible for end-to-end security of the DFS/JazzCash platform, which includes developing procedures, application security, network security, system security, end-point security, logs monitoring, vulnerability assessment, PEN testing, security awareness, and incident detection and response.
The structure of the team you will join is:
· Reporting to Manager Service Assurance with responsibility to ensure information security compliance of all DFS applications and related platforms, along with ensuring Penetration Testing of all changes/new features before and after deployment as needed.
The two (02) main priorities of the team as a whole are:
· Planning and delivery of security project.
· Strong Governance with effective reporting of security KPIs
To collaborate and produce effective business results, the role requires:
· Teamwork & collaboration.
· Vision and strategic thinking.
· The ability to build strong relationships with External Teams: Convinces them to adopt secure coding practices and post-development application testing to avoid frauds and prevent leakage of confidential information.
· The ability to build strong relationships with Internal Teams: Elaborates on technical terminology to explain the processes for application/system penetration for detection of viruses/bugs in the system.
The two (02) specific tasks that the team was working on in the last 6 months, with results:
· Cyber Security Incident Management
· Vulnerability assessment and penetration testing.
Must-have qualifiers for the candidate are:
· Computer Software or IT graduate/Masters.
· Practical experience of Vulnerability assessment, System hardening and OS Patching.
· Penetration testing experience of Applications/Software solutions.
· Must have hands-on experience with information security audit tools such as Nessus etc.
Must-have technology knowledge for the candidate:
· Payment Gateway – Must have taken part in 1 PCI DSS / PA-DSS Compliance activity
· Mobile and software applications
· Biometric solutions and devices
· Perl / Python / PHP
· BASH / PowerShell / WMI Scripting
Essential must-have skills:
· Security risk management
· PEN Testing Skills.
· In-depth knowledge of Vulnerability assessment and penetration testing.
· Detailed knowledge of Incident handling & Management.
· Detailed knowledge of malware analysis (static, dynamic, reverse engineering).
· Deep understanding of Information Flow.
· In-depth knowledge of Information & Network Security.
· Sound knowledge of identity & access management solutions.
· In-depth knowledge of Security Incidents and Event Management Solutions, log correlation and threat hunting.
Working at the VEON GROUP demands a high standard of business ethics and adherence to our legal obligations, our values and our Code of Conduct and supporting compliance policies and procedures. Our pioneering spirit is embodied in our values to be customer obsessed, entrepreneurial, innovative, collaborative, and truthful. Being truthful requires us to act ethically, honestly, and with integrity.