Vistas Global
Cyber Security Specialist
Vistas Global, Qatar, 15 hours ago
Full-time, Information Technology

Job Summary:

We are seeking a highly skilled Offensive Cyber Security Specialist with solid banking domain experience to join our Group Information Security team. This role is responsible for conducting offensive cyber assessments, managing penetration testing, participating in Red Team operations, and identifying security gaps in IT applications and infrastructure. You will serve as a key contributor to enhancing the bank’s cyber resilience, ensuring compliance with IT security policies and standards.

Key Responsibilities:

1. Offensive Security & Technical Assessments

  • Perform penetration testing and vulnerability scanning across applications, systems, and networks.
  • Participate in Red Team exercises simulating real-world attack scenarios.
  • Evaluate effectiveness of security controls and architectures.
  • Support source code reviews and security testing of internal and third-party applications.

2. Cybersecurity Governance & Risk

  • Conduct technical risk assessments for infrastructure and business applications.
  • Ensure adherence to the bank’s IT Security Policies and relevant regulatory frameworks.
  • Support the enhancement of the organization’s cyber security posture through detailed technical assessments and recommendations.
  • Assist in audits, internal reviews, and third-party security evaluations.

3. Stakeholder Management

  • Collaborate with IT, business teams, and external vendors on security testing and remediation efforts.
  • Manage relationships with penetration testing vendors.
  • Act as a subject matter expert (SME) for IT security risk and provide ad hoc consultancy on emerging technologies and threats.

4. Reporting & Compliance

  • Produce high-quality assessment reports, technical findings, and executive summaries.
  • Support internal departments in meeting Service Level Agreements (SLAs) for risk and security services.
  • Provide timely responses to internal/external auditors, compliance, and regulatory bodies.

Required Qualifications:

  • Bachelor's degree in Information Technology, Cyber Security, or a related field. Master’s preferred.
  • 4+ years of hands-on experience in offensive security, penetration testing, or Red Teaming.
  • Prior experience in banking or Big 4 consulting firms is mandatory.
  • Certifications: CISSP, CISM, CISA (mandatory); OSCP, OSCE, or similar offensive security certs are a strong plus.

Required Technical Skills:

  • Strong knowledge of penetration testing tools and methodologies.
  • Hands-on experience with Windows, Linux, mobile OS (Android/iOS), and cloud environments.
  • Understanding of DevSecOps, container security (Kubernetes, Docker), and CI/CD pipelines.
  • Experience with multi-forest Active Directory security and architecture assessments.
  • Programming/scripting in Python, Go, Rust, or C#.
  • Knowledge of application security testing tools (e.g., Burp Suite, Metasploit, OWASP ZAP).
  • Familiarity with source code review tools and secure development frameworks.
