Jago is a fully digital bank that breaks all of the stereotypes! It puts modern technology at its core, delivering meaningful and reliable services that redefine what it means to manage money. We are pushing boundaries to deliver solutions that will change the lives of millions of users. Jago empowers you as a Cybersecurity assurance specialist to think creatively to solve problems that might not usually push to the limelight but are very much relevant and critical to the growth of our customers.
At Jago, you will be working together with highly motivated people with diverse backgrounds. From the finance industry such as banking and payment, to lifestyle such as e-commerce and consumer electronics. What we have in common is the drive to make something exciting and transformative in a way of opening up new possibilities of what a bank app should be able to.
Internal Audit Cybersecurity Assurance has a unique role in which you are responsible to provide core assurance over the cybersecurity health of the company, to help the organization move at full speed, yet being reassured that safety protocols are always in tack..
Key Accountabilities
- Participates in a broad range of review and assurance activities to assess the cybersecurity posture of the Bank and identify control weaknesses.
- Perform ethical hacking activities (e.g., mobile/web application pentest, infrastructure testing, including custom assessments etc.) as part of the cyber security audit, and design attack scenarios for state-of-the-art technologies.
- Work closely with security experts from multiple industries to improve their solutions by tackling the root cause of the issues and find innovative solutions to modern challenges
- Highlight important observations, translate technical findings into management information so that they can take effective actions.
- Validate appropriate implementation of cybersecurity controls.
- Conduct research on latest developments in IT security technologies and threats.
- Acts as a trusted advisor to the IT / Cybersecurity organization and management.
Qualifications
- 5 years of working experience as Information Security Specialist, Pentester or IT Auditors.
-
Experience with one or more of the following aspects: application and software security, blue / red teaming, industrial security controls, network security, IT operations, penetration testing, risk and vulnerability assessment, investigative techniques, authentication and access management systems, etc.
- Demonstrated experience in capture the flag (CTFs) events, bug hunting or vulnerability research (CVEs) is a plus.
- Professional security certification(s) such as CISA, CISSP, OSCP, GIAC will be an advantage
- Experience with security penetration testing tools e.g. Nessus, Metasploit, Burp Suite etc.
- Experience with various operating systems i.e.: Linux, Unix, Windows, as well with languages like Bash, Python, Ruby, Powershell, Java, and C++ / C# etc.
- Knowledge on standard and advanced defense & remediation techniques and processes (i.e. OWASP, NIST, ATT&CK)
- Practical experience on DevSecOps tools like Puppet, Jenkins, Git, Docker, or Kubernetes, SAST, DAST, etc.
- Knowledge and experience of Cloud security and Container security.