Expert Cyber Security Application & Pen Tester
JAZZ – Technology
Last Date to Apply: 10th October 2019
As one of the leading employers in the country, Jazz epitomizes the philosophy that each Jazz employee is passionately living a better every day inspired and enabled by visionary leadership, a unique professional culture, a flourishing lifestyle, and continuous learning and development.
Our Team & You
As one of the largest private sector organizations in Pakistan, our objective is to continue to change the lives of our 57 million+ customers for the better. This is an opportunity for someone who wants to be part of something transformative, someone who can play a critical role in driving our success. Together, we can empower millions more with the tools necessary to progress in an increasingly digital economy.
What the first 30-60-90 days in the job will look like?
-Within 30 days you will:
Attend and graduate from our company-wide on boarding process along with a detailed orientation program where you will learn about Jazz’s core values, business, and products
Meet the relevant stakeholders concerning your team
Develop understanding of your division, function, its structure, and your role within the team.
Develop understanding of information security policies and procedures.
-Within 60 days, you will:
Get to know your relevant stakeholders e.g. business, infrastructure, commercial, finance and fraud management.
Recommend ways to develop a robust application security architecture.
Recommend ways to analyse different cyber frauds/breaches and develop countermeasure controls.
-Within 90 days to onwards you will:
Perform full vulnerability assessment and penetration testing of all applications.
Involved, investigating information security / finance related incidents and identifying loopholes in impacted system/application
Become a leading member of incidence response team.
Suggest information security recommendations to all stakeholders
A Bit About You:
We are looking for someone who has delivered on challenging projects and has taken end to end responsibility from planning to Production.Prior experience of banking / telecom industry will be an added advantage.
We are looking for someone who have BS/MS in information security and should have 5-6 years of experience having sound penetration testing, application security architecture, incident management skills; these skills are key to meet the performance expectations for this role. Should have Excellent verbal and written communications skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences with Professional security certification, such as Certified ethical hacker (CEH), Computer Hacking Forensic Investigator (CHFI), Penetration testing certificate, Offensive Security Certified Professional (OSCP).
· Will design, develop and maintain a robust application security framework
· Will identify loop holes in the developer/security systems of built servers, web portals/dashboards, user applications of Jazz.
· Ensures the security / data protection for applications vulnerable to external hackers.
· Detects bugs/errors embedded in the source code of android/iOS/other language based apps.
· Analyse the communication path/matrix of applications to track host servers and IP addresses accordingly.
· Performs relevant preventive measures to protect leakage of confidential/sensitive information.
· Reports cyber scams, phishing /malicious links/ contents and financial fraudulent activities with relevant evidences to concerned authorities. These responsibilities are carried out WITH the objective ensure safety of confidential and sensitive organizational data and prevention from Internet scams and frauds accordingly for smooth business processes WITHIN the limits of organization’s SOP, departmental KPIs and operating frameworks, directions and guidelines from supervisor and line managers.
A Bit About Us:
The Cyber Security team is part of the Technology Department within the Cyber Security, Governance & Technology Compliance Division. The team is responsible for managing Information Security portfolio at Jazz. The Cyber Security is responsible for end to end security of jazz that includes developing policy, procedures, application security, network security, system security, end point security, logs monitoring, vulnerability assessment, security awareness, incident detection and response.
The structure of the team you will join is:
· A 05-member team (including the department head) with responsibility of Cyber Security IT & Network planning and Governance, Applications Assurance and Incident Response
· You will be part of a 3-members team reporting to a Stream Head Cyber Security.
The two (02) main priorities of the team as a whole are:
· Planning and delivery of security project.
· Strong Governance with effective reporting of security KPIs
To collaborate and produce effective business results, the role requires
Team work & collaboration.
Vision and strategic thinking.
The ability to build strong relationships with External Teams: Convinces to adapt secure coding practices and testing post application development to avoid frauds and prevent leakage of confidential information accordingly.
The ability to build strong relationships with Internal Teams: Elaborates the technical terminologies to explain the processes for application/system penetration for detection of viruses/bugs in the system.
The two (02) specific tasks that team was working on in the last 6 months with results.
Cyber Security Incident Management
Vulnerability assessment and penetration testing.
The three (03) must have past experiences the candidate should have.
BS/MS in information security
Practical experience of Vulnerability assessment and penetration testing of banking / Telco sector
Incident management and threat hunting.
The 4 must have technologies the candidate should have.
Perl / Python / PHP
BASH / PowerShell / WMI Scripting
Essential skills must have:
Security risk management
In-depth knowledge of Vulnerability assessment and penetration testing.
Detailed knowledge of Incident handling & Management.
Detailed knowledge of malware analysis (static, dynamic, reverse engineering).
Deep understanding of Information Flow.
In-depth knowledge of Information & Network Security.
Sound knowledge of identity & access management solutions.
In depth knowledge of Security Incidents and Event Management Solutions, logs correlation and threat hunting.
Working at the VEON GROUP demands a high standard of business ethics and adherence to our legal obligations, our values and our Code of Conduct and supporting compliance policies and procedures. Our pioneering spirit is embodied in our values to be customer obsessed, entrepreneurial, innovative, collaborative, and truthful. Being truthful requires us to act ethically, honestly, and with integrity.