GT ITS - Red Team
To perform Red Team exercises on CIMB systems (servers and network devices) to ensure compliance with the regulator's requirements (RMIT) and the CIMB IT Standard.
Key Responsibilities
Planning and scoping
- Define systems and processes that require assessment
- Identify areas of concern to the CIMB organization (e.g. CIMB Critical Risk assets, Internet-facing assets)
- Develop overall testing strategy and timeline.
- Threat intelligence input / feed: work together with the SOC / CTI team to identify threat actors targeting CIMB.
- Research major threat actors and attack techniques relevant to the CIMB organization and the assessment scope. This can be done together with the internal CTI team.
- Develop attack scenarios using data received from the threat intelligence team.
- Tailor specific attack scenarios based on techniques used by attackers in real-life cases.
- Perform Active/Passive reconnaissance on CIMB target assets
- Propose attack scenarios and plans
- Monitor and capture mirrored traffic, and analyse the network packet data from the sniffer.
- Detect anomalies based on behavioural patterns
- Identify malicious activity
Execution (Attack, Intrusion & Compromise)
- Define the objectives and detailed testing scope
- Ensure the testing timeline and approach are agreed
- Understand / analyse the inherent risk and propose action plans or controls that can be implemented to mitigate the risks. Ensure these are documented accordingly.
- Come up with risk mitigation activities
- Create scripts and prepare the tools required to launch the attack.
- Prepare infrastructure listing / host listing for attack execution
- Obtain sign-off (if any)
- Execute the attack scenarios that were discussed in the threat intelligence phase.
- Common focus points of attack execution: reconnaissance, information gathering, exploitation, attacking the target
- Pivoting: using the first compromise to enable, and even aid, the compromise of other, otherwise inaccessible systems.
- Analyse and compile the findings for reporting, and send out draft findings to stakeholders for immediate rectification.
- Plan the deliberation to discuss the findings with stakeholders.
- Subsequently, follow up with the team to ensure findings are remediated and prepare for revalidation.
- Escalate to stakeholders if there is no feedback from the action owners.
(Basic Degree/Diploma etc)
- Bachelor Degree, Business Information Systems
- Diploma / Degree
- Diploma/Bachelor's Degree (Honours)
Professional Qualification and/or Regulatory, Licensing requirements
- Certified Ethical Hacker
- GIAC Assessing Wireless Networks (GAWN)
- GIAC Web Application Penetration Tester (GWAPT)
- GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- Certified Red Team Operations Professional (CRTOP)
- Certified Threat Intelligence Analyst (CTIA)
Relevant Work Experience
- 5 years of experience in VAPT & Red Team
Required Competencies and Skills (Essential to succeed in this job)
- Develop Red Team processes and identification of risk
- Oversight and appropriate delegation of key deliverables for assessments
- Development of plans and strategies for tools, processes and the overall assessment road map
- Plan program design updates based on evolving threat intel
- Create / develop tailored scripts for Red Team testing / exercises
- Mentor and coach junior staff on a regular basis
- Propose remediation strategies for systems with exposed vulnerabilities
- Plan for deliberations with the respective stakeholders
Travel Requirements (if any) (Incl typical Destinations and Duration)
- On a case-by-case basis.
- Travel within Klang Valley