Senior Security Researcher

  • By Paulina Motowidlo
  • 2 August 2022

About the project

In a rapidly changing technology landscape, security research and offensive security are important components in positioning the company to better protect itself and to manage risk more effectively. This is accomplished by analysing the most critical areas across the bank, simulating real-world attacks, performing regular penetration testing and innovating approaches to find vulnerabilities that can materially drive a more thorough understanding of cybersecurity attacks and a proactive approach to enhancing the security posture of the bank.

The role holder will be responsible for leading, managing and delivering CROS security research projects on a wide range of technologies to ensure that the company is well positioned against a variety of cybersecurity-related advanced attack scenarios.

Your responsibilities

  • Deliver security research projects focused on their critical services and projects to ensure that design, quality and implementation of controls do not expose the bank to a significant level of risk
  • Achieve excellence by driving performance, compliance and security
  • Identify previously unknown vulnerabilities and new attack techniques
  • Develop tools and automation of processes to enhance security assessment
  • Work with key stakeholders to proactively drive the reduction in Cybersecurity risks and to improve the security risk posture within the business risk appetite
  • Provide subject matter expertise and guidance to a broad range of stakeholders across global business and functions
  • Engage with relevant programmes that are critical to the bank
  • Understand the financial services industry security and threat landscape 
  • Engage with a diverse set of stakeholders in order to achieve CROS objectives, including Business and Functions, Cybersecurity leads, Head of Cybersecurity functions and Control Owners
  • Engage with specialist technology functions such as Cybersecurity Technology, Cybersecurity Operations and Security Architecture
  • Maintain internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators
  • The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by driving the timely implementation of internal and external audit points, including issues raised by external regulators, and internally identified Cybersecurity risks
  • The jobholder will implement the group compliance policy by containing compliance risk in liaison with Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term ‘compliance’ embraces all relevant financial services laws, rules and codes with which the business has to comply
  • This will be achieved by adhering to all relevant processes/procedures and by liaising with the compliance department about new business initiatives at the earliest opportunity. Also, when applicable, by ensuring adequate resources
  • The jobholder will ensure the fair treatment (service excellence) of their customers is at the heart of everything we do, both personally and as an organisation
  • The jobholder will also continually reassess the Cybersecurity and operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology
  • This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring. Also by addressing any areas of concern in conjunction with entity management and/or the appropriate department

SKILLS & EXPERIENCE WE REQUIRE

  • Education to degree level or above (Desirable) or relevant work experience
  • 0-day discovery and vulnerability disclosure
  • Exploit development
  • Mobile security
  • System architecture
  • Software development
  • Source code review
  • Hardware hacking
  • Wireless technology
  • Reverse Engineering
  • Penetration testing
  • English – Fluent written and spoken
  • Proven written and verbal communication skills
  • Ability to develop clear business impact and justification to drive investment in team capabilities
  • Demonstrable experience in vulnerability identification and exploitation
  • Participation in the Cyber Security industry
  • Demonstrated experience in network security
  • Demonstrated experience in embedded systems & hardware hacking
  • Understanding of analysis of mobile technologies
  • Understanding of analysis of common operating systems, such as Linux, Windows, Google Android and iOS
  • Demonstrated experience in third party vulnerability disclosure
  • Demonstrated experience in software development
  • Demonstrable experience in tooling, automation and prototyping
  • Demonstrated experience in source code review
  • Demonstrated experience in penetration testing
  • Demonstrated experience in black box software security review techniques, including ‘fuzzing’ and reverse engineering

WHAT THEY OFFER

  • Stable job in professional team,
  • Interesting path of career in an international organization,
  • Consistent scope of responsibilities,
  • Private health care, employees’ benefits.

Note: Prepare your CV in English (PDF), fill in the form, and apply! 🙂
Please include in your CV the following clause necessary for the recruitment process:

“I agree to the processing of personal data that I have made available voluntarily in the recruitment process by the Administrator of personal data, i.e. Dotcommunity Spółka z ograniczoną odpowiedzialnością [Ltd.] based in Cracow, 15 Żabiniec Street, 31-215 Cracow, registered in Poland, the Cracow’s District Court – Śródmieście, XI Commercial Division of the National Court Register under number 0000468484, VAT number: 9452174499, (“Dotcommunity”) in order to carry out the recruitment process for the Senior Security Researcher position on the basis of Art.6 item 1a of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”

Dotcommunity is registered in the Register of Employment Agencies (KRAZ) under number 9904.
