Senior Security Researcher

  • By Sylwia Lupa
  • 2 November 2022

The candidate will join one of the largest banking institutions.

In a rapidly changing technology landscape, security research and offensive security are important components in positioning the company to better protect itself and to manage risk more effectively. This is accomplished by analysing the most critical areas across the bank, simulating real-world attacks, performing regular penetration testing and innovating approaches to find vulnerabilities that can materially drive a more thorough understanding of cybersecurity attacks and a proactive approach to enhance the security posture of the bank.

The Cybersecurity Research and Offensive Security (CROS) function is building up its capabilities to form a global team of highly skilled security researchers. The Security Research team, within the Global CROS function, provides a specialist approach to assessing the security of systems and technology, identifying previously unknown vulnerabilities and new attack techniques. Additionally, the Security Research team supports the wider CROS function by developing tools and automation of processes to enhance security assessment.

The role holder will be responsible for leading, managing and delivering CROS security research projects on a wide range of technologies, to ensure that the company is well positioned against a variety of Cybersecurity-related advanced attack scenarios. The role holder will be required to perform hands-on security research on software and hardware technology critical to the company’s services. The individual will work cross-functionally to develop solutions that improve the delivery of CROS services.

The successful candidate will have a proven track record in conducting security research and developing innovative scalable solutions.

The breadth of work that is performed across security research in the department:

  • 0-day discovery and vulnerability disclosure
  • Exploit development
  • Mobile security
  • System architecture
  • Software development
  • Source code review
  • Hardware hacking
  • Wireless technology
  • Reverse Engineering
  • Penetration testing

Responsibilities:

  • Maintains the company’s internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
  • The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by driving the timely implementation of internal and external audit points, including issues raised by external regulators, and internally identified Cybersecurity risks.
  • The jobholder will implement the group compliance policy by containing compliance risk in liaison with Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term ‘compliance’ embraces all relevant financial services laws, rules and codes with which the business has to comply.
  • This will be achieved by adhering to all relevant processes/procedures and by liaising with the compliance department about new business initiatives at the earliest opportunity. Also, when applicable, by ensuring adequate resources.
  • The jobholder will ensure the fair treatment (service excellence) of their customers is at the heart of everything they do, both personally and as an organisation.
  • The jobholder will also continually reassess the Cybersecurity and operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
  • This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring. Also by addressing any areas of concern in conjunction with entity management and/or the appropriate department.
  • Deliver security research projects focused on the company’s critical services and projects to ensure that design, quality and implementation of controls do not expose the bank to a significant level of risk.
  • Achieve excellence by driving performance, compliance and security.
  • Identifying previously unknown vulnerabilities and new attack techniques.
  • Develop tools and automation of processes to enhance security assessment.
  • Work with key stakeholders to proactively drive the reduction in Cybersecurity risks and to improve the security risk posture of the company within the business risk appetite.
  • Provide subject matter expertise and guidance to a broad range of stakeholders across global business and functions.

Requirements

  • English – Fluent written and spoken.
  • Proven written and verbal communication skills.
  • Ability to develop clear business impact and justification to drive investment in team capabilities.
  • Demonstrable experience in vulnerability identification and exploitation.
  • Participation in the Cyber Security industry.
  • Demonstrated experience in network security.
  • Demonstrated experience in embedded systems & hardware hacking.
  • Understanding of analysis of mobile technologies.
  • Understanding of analysis of common operating systems, such as Linux, Windows, Google Android and iOS.
  • Demonstrated experience in third party vulnerability disclosure.
  • Demonstrated experience in software development.
  • Demonstrable experience in tooling, automation and prototyping.
  • Demonstrated experience in source code review.
  • Demonstrated experience in penetration testing.
  • Demonstrated experience in black box software security review techniques, including ‘fuzzing’ and reverse engineering.

They can offer:

  • Excellent and positive work environment
  • A stable role with a consistent set of responsibilities
  • Career development prospects within the multi-national leading financial organization
  • Private health care and employees’ benefits
    • sharing the costs of sports activities, sharing the costs of foreign language classes, sharing the costs of professional training & courses, life insurance, retirement pension plan


Note: Prepare your CV in English (PDF), fill in the form, and apply! 🙂

Please include in your CV the following clause necessary for the recruitment process:

“I agree to the processing of personal data that I have made available voluntarily in the recruitment process by the Administrator of personal data, i.e. Dotcommunity Spółka z ograniczoną odpowiedzialnością [Ltd.] based in Cracow, 15 Żabiniec Street, 31-215 Cracow, registered in Poland, the Cracow’s District Court – Śródmieście, XI Commercial Division of the National Court Register under number 0000468484, VAT number: 9452174499, (“Dotcommunity”) in order to carry out the recruitment process for the Senior Security Researcher on the basis of Art.6 item 1a of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”

Dotcommunity is registered in the Register of Employment Agencies (KRAZ) under number 9904.
