VAPT Engineer | RTC

I.        PURPOSE

To accomplish all assigned tasks by the management in a timely and effective manner as deemed necessary for the betterment of the organization as a whole.  

II.      DUTIES AND RESPONSIBILITIES

• Ensure the execution of services within the allocated budget hours or parameters defined by the Service Level Agreement.


• Obtain professional certifications and actively participate in relevant training sessions related to the provided services.


• Deliver high-quality services to clients with the goal of ensuring customer satisfaction.

Vulnerability Assessment and Penetration Testing

• Plan and execute Vulnerability Assessment (VA), Vulnerability Management (VM), Vulnerability Assessment and Penetration Testing (VAPT), Phishing Simulation, and Red Teaming activities.


• Evaluate the effectiveness of existing security controls and provide recommendations for improvements.


• Simulate real-world cyber-attacks to identify potential weaknesses.


• Prepare detailed reports on findings, and recommended remediation strategies.


• Communicate findings to technical and non-technical stakeholders in a clear and understandable manner.


• Work closely with cross-functional teams to integrate security best practices into development and operational processes.


• Collaborate with IT teams, developers, and system administrators to address and resolve security issues.


• Stay informed about the latest security threats, vulnerabilities, and industry best practices.

Digital Forensics and Incident Response

• Assist in conducting digital forensics investigations on various digital devices, including computers, servers, mobile devices, and network equipment.


• Utilize industry-standard forensic tools and techniques to acquire, analyze, and preserve digital evidence.


• Coordinate incident response efforts during cybersecurity incidents, including data breaches, malware infections, and unauthorized access.


• Implement incident response plans to contain and eradicate security incidents effectively.


• Collaborate with cross-functional teams to minimize the impact of incidents, providing guidance on corrective actions.


• Prepare detailed and well-documented reports outlining findings, methodologies, and recommendations.


• Contribute to post-incident reports, sharing insights and lessons learned for continuous improvement.

III.    QUALIFICATIONS

A.    Minimum Education

• College Graduate or Diploma holder of any computer-related course.


• Preferably a degree in Information Technology, Engineering, or a related field.
  

B.    Minimum Experience/Training

• 1 years+ experience working in Vulnerability Assessment and Penetration Testing, Red Teaming or Security Operations particularly in Digital Forensics and Incident Response.


• Knowledge of ITIL, Infrastructure related technologies & understanding of business relevance of the technologies


• Experience working with IT systems and software related to Vulnerability Assessment and Penetration Testing, and Digital Forensics and Incident Response.

C.    Competency

• Effective team player with collaborative skills, capable of analyzing substantial technical data in a fast-paced environment.


• Strong problem-solving abilities, analytical skills, and effective time management.


• Positive, energetic, and enthusiastic demeanor with keen attention to detail.


• Excellent multitasking and task prioritization skills.


• Self-motivated, proactive, and customer-centric in approach.


• Quick learner with adaptability to dynamic working environments.


• Capacity to exercise judgment in high-pressure situations with minimal external guidance.


• Knowledge of cybersecurity and privacy principles.


• Familiarity with computer networking concepts, protocols, and security methodologies.


• Understanding of laws, regulations, policies, and ethics relevant to cybersecurity and privacy.


• Proficiency in risk management processes, encompassing methods for assessing and mitigating risk.


• Familiarity with cyber threats, vulnerabilities, and the operational impacts of cybersecurity lapses.


• Knowledge of traffic flows across the network, encompassing Transmission Control Protocol (TCP), Internet Protocol (IP), Open System Interconnection Model (OSI), and Information Technology Infrastructure Library (ITIL).


• Awareness of application vulnerabilities and system/application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).


• Ability to perform penetration testing on network devices, servers, workstations, APIs and Web Applications.


• Skills in conducting vulnerability assessment, vulnerability management, phishing simulation, and red teaming activities.


• Knowledge of programming language structures and logic, including the ability to apply programming language structures (e.g., source code review) and logic.


• Understanding of MITRE ATT&CK Framework and NIST SP800-61.


• Knowledge in identifying, capturing, containing, and reporting malware.


• Familiarity with incident response procedures.


• Understanding of investigative implications related to hardware, operating systems, and network technologies.


• Knowledge in data carving tools and techniques, with awareness of anti-forensics tactics, techniques, and procedures.


• Knowledge of processing digital forensic data and reverse engineering concepts.


• Knowledge in malware analysis tools and binary analysis.


• Knowledge in preserving evidence integrity according to standard operating procedures or national standards.


• Knowledge in using digital forensics tools and conducting forensic analyses in multiple operating system environments.

D.    TRAININGS & CERTIFICATIONS (is a plus)

• CompTIA Network+, Security+


• EC-Council CEH, ECIH, CHFI, CSA, CTIA, ECSA, LPT, CPENT


• eLearnSecurity eJPT, eCPPT, eCPTx, eWAPT, eMAPT, eCIR, eCDFP,


• any other related certifications

IV.    WORKING CONDITIONS

• Probationary for 6 months


• Personal and professional development (certified training, on-the-job coaching & mentoring, career progression support)


• Shifting & Reporting to Office (will be WFH if advised by the management)