VP, Red Team, Group Information Security
Posting Date: 03-Oct-2021
Location: Alexandra, Singapore, SG
Company: United Overseas Bank Limited About UOB
United Overseas Bank Limited (UOB) is a leading bank in Asia with a global network of more than 500 branches and offices in 19 countries and territories in Asia Pacific, Europe and North America. In Asia, we operate through our head office in Singapore and banking subsidiaries in China, Indonesia, Malaysia and Thailand, as well as branches and offices.
Our history spans more than 80 years. Over this time, we have been guided by our values - Honorable, Enterprising, United and Committed. This means we always strive to do what is right, build for the future, work as one team and pursue long-term success. It is how we work, consistently, be it towards the company, our colleagues or our customers. About the Department
The Technology and Operations
function is comprised of five teams of specialists with distinct capabilities: business partnership, technology, operations, risk governance and planning support and services. We work closely together to harness the power of technology to support our physical and digital banking services and operations. This includes developing, centralising and standardising technology systems as well as banking operations in Singapore and overseas branches. Job Responsibilities
This is an excellent opportunity for a Red Teamer or an experienced Penetration Tester looking to advance their skills, to participate in a forward looking Red Team at a prominent regional bank.
The successful Red Team member will help to build and deliver red team operations, purple teaming exercises, pentests of the latest security products and contribute actively in the bank's efforts in adopting and maintaining an enterprise-wide view of threat-driven risks, with the goal of working with various stakeholders in the enterprise to manage these risks.
The candidate will need to have proven track record in advanced network, system and application exploitation and will be required to work independently or as part of the red team to execute threat simulations.
- Plan and execute red team operations and campaigns across the spectrum of people, processes and technologies.
- Develop techniques from the Mitre ATT&CK framework and perform purple teaming exercises working closely with the SOC team to enhance detection and prevention capabilities.
- Support the development of red teaming methods, operations and simulations within and across the enterprise to include cyber security, personnel security, operations security, facilities security, and third party vendors/service providers.
- Provide cybersecurity technical testing services, including network, system or application penetration test and vulnerability assessment through in-depth technical analysis and exploitation of vulnerabilities.
- Provide regular threat/risk updates, presenting findings and learnings from cyber-attacks, red team operations, and cyber-attack simulations within a context of overall risk to the enterprise.
- Work closely with existing technology infrastructure, business application and security teams, both to receive input and to provide practical and actionable threat intelligence.
- Evaluate, build and support a set of open-source and commercial security tools.
- Plan and manage third party red teaming and penetration tests.
Be a part of UOB Family
- Bachelor degree in Computer Science, Computer Engineering, Software Engineering or related discipline.
- OSCP and/or CREST CRT certified.
- Advanced certifications such as OSCE, OSEP, CRTE, OSEE, GXPN, CREST CCT and CCSAS would be an advantage.
- At least 8 years of IT experience, in which over 5 years are in the domain of technical security testing, preferably in a banking environment.
- Excellent infrastructure and web penetration testing skills.
- Ability to circumvent incident detection processes when conducting red team operations.
- Ability to build custom tools and exploits using one or more of the following: powershell, python or C#.
- Knowledge of the latest Cybersecurity tools and vulnerabilities.
- Experience in utilizing the Mitre ATT&CK framework would be an advantage.
- Reverse engineering and exploit development experience would be an advantage.
- Red teaming and purple teaming experience would be an advantage, but not a requirement.
- Excellent communication, writing and presentation skills.
- Ability to collaborate and share knowledge within a fast-moving environment.
- Ability to work effectively with a variety of stakeholders interests within the enterprise.
UOB is an equal opportunity employer. UOB does not discriminate on the basis of a candidate's age, race, gender, color, religion, sexual orientation, physical or mental disability, or other non-merit factors. All employment decisions at UOB are based on business needs, job requirements and qualifications. If you require any assistance or accommodations to be made for the recruitment process, please inform us when you submit your online application.
Apply now and make a difference.