Cyber Assurance Testing - Singapore - UBS

UBS
UBS
Verified Company
Singapore

1 week ago

Wei Jie

Posted by:

Wei Jie

beBee Recruiter
Description
Singapore

  • Information Technology (IT)
  • Group Functions

Job Reference #

BR

City

  • Singapore

Job Type

  • Full Time

Your role

  • This is an excellent opportunity for a strong and forwardlooking red teamer (adversary attack simulation) to join a worldclass red teaming capability at UBS. The successful Red Team Tester will join a team of testers and will contribute to the bank's efforts in adopting and maintaining a systemwide view of threatdriven risks, with the goal of working with senior management to control these risks.
  • Duties & Responsibilities include:
  • Work with Cyber Threat Intelligence function to develop red team scenarios consistent with real attacks as well as business lines understanding their threats
  • Work with Security Operations function to ensure a smooth execution of testing activities (e.g. red/purple teaming, competitive cyber games, etc.)
  • Plan and execute redteam exercises by replicating, in a safe way, the tactics, techniques and procedures of threat actors, including periodic reporting of progresses to stakeholders
  • Develop and submit detailed reports of findings, analysis and recommendations
  • Coordinate Red Team operational briefings and presentations to nontechnical audience and executive management, as required
  • Provide Information and Cyber Security technical expertise to the CIS Attack Testing Team and to the Cyber & Information Security (CIS) function overall.

Your team

  • You will be working closely with the global CIS Attack Testing Team, with presence in Israel, Singapore, Zurich and the US.

Your expertise

  • At least 6 years of experience with increasing responsibility in Information Technology, Information and Cyber Security and Compliance that includes a combination of hands on/technical and project leadership skills
  • Minimum of 4 years' experience executing penetration testing / red team testing assessments of highconsequence systems (including execution of CBEST/ iCAST exercises and alike)
  • In depth knowledge of enterprise architectures and operations
  • Detailed and uptodate knowledge of threat and vulnerability management techniques and tools
  • Strong knowledge of e.g. OSI Model, MITRE ATT&CK Framework, Firewalls, IDS/IPS, Web Proxies and DLP amongst other
  • Well versed in a wide range of security tools like Burp, Nessus, Metasploit, Empire, Cobalt Strike, etc. and familiarity with common reconnaissance, exploitation, and post exploitation frameworks
  • An inquisitive mind and passion for security researching
  • Knowledge of exploit crafting/handling/development, malware packing, delivery and obfuscation/evasion techniques
  • Ability to automate tasks using a scripting language (Python, Perl, Ruby, etc)
  • Strong knowledge of networking protocols and packet analysis
  • Able to operate at an advanced level of written and spoken communication in English; write and speak effectively with impact
  • Strong project management skills

Desired Background:

  • B.Sc. / M.Sc. in Computer Science, Computer Engineering, Information Security or equivalent
  • ISC2 Certified Information System Security Professional (CISSP)
  • One or More certifications related to Red Team Qualifications / and or Cyber Security such as:
  • CREST Certified Simulated Attack Manager (CCSAM) or CREST Certified Simulated Attack Specialist (CCSAS)
  • Highly preferred
  • Offensive Security (OSCE, OSCP)
  • CREST Registered Penetration Tester
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT)
  • Certified Ethical Hacker (CEH)
  • CompTIA PenTest+
  • GIAC Penetration Tester (GPEN)
  • Offensive Security Certified Professional (OSCP)
  • Certified Penetration Tester (CPT)
  • Systems Security Certified Practitioner (SSCP)
  • CompTIA Advanced Security Practitioner (CASP+)
  • GIAC Certified Incident Handler (GCIH)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)

About us

  • UBS is the world's largest and only truly global wealth manager.

We operate through four business divisions:
Global Wealth Management, Personal & Corporate Banking, Asset Management and the Investment Bank. Our global reach and the breadth of our expertise set us apart from our competitors.

  • With more than 70,000 employees, we have a presence in all major financial centers in more than 50 countries. Do you want to be one of us?

How we hire

Join us

  • At UBS, we embrace flexible ways of working when the role permits. We offer different working arrangements like parttime, jobsharing and hybrid (office and home) working. Our purposeled culture and global infrastructure help us connect, collaborate, and work together in agile ways to meet all our business needs.
  • From gaining new experiences in different roles to acquiring fresh knowledge and skills, we know that great work is never done alone. We know
More jobs from UBS
See all jobs of UBS