About the role
Our cybersecurity professionals possess in-depth industry knowledge, technical expertise, and specialized skills. We give you the opportunity to learn and apply leading practices to better manage cybersecurity people, processes, and technology capabilities as you collaborate in planning, pursuing, delivering, and managing quality engagements to uplift cybersecurity and resilience programs for our clients across a wide range of industries.
Work you will do
- Execute penetration testing, red teaming, and threat hunting assessments including identifying and/or exploiting security vulnerabilities in information technology, operational technology, and cloud infrastructure (e.g., AWS, Azure, Google Cloud Platform) using the established methodology, tools and rules of engagements.
- Work with the Purple and Blue Teams to develop remediation strategies and enhance cyber threat monitoring and detection capabilities.
- Perform intelligence gathering, vulnerability identification and analysis to chain vulnerabilities and identify potential attack paths resulting in privilege escalation and remote code execution vulnerabilities.
- Perform in-depth analysis of penetration testing results and create reports that describe findings, exploitation procedures, risks and recommendations.
- Conduct security research to devise new attack techniques from multiple companies and vendors.
- Stay current with the latest exploits and security trends.
- Develop custom software tools / scripts to assist in compromising security platforms and applications.
- Be accountable for the delivery of high-quality work on time.
- Develop ability to work both independently as well as provide technical leadership and advice to junior team members.
- Provide supervisor regular project status updates against key performance indicators and engagement objectives.
- Convey complex technical security concepts to technical and non-technical audiences including executives.
- Opportunities to work with cross-functional competencies e.g., management consulting, digital excellence, data analytics, ERP advisory, blockchain technology, global practices.
Let us Talk About You
If you are someone with:
- Bachelor's or Master’s degree in Computer Science, Cybersecurity, Information Systems, Information Technology, Engineering or a related major.
- A minimum of 4 years of related work experience in penetration testing at least four of the following: Cloud, API, internet, web application, mobile application, intranet, wireless, social engineering, Red Team and Purple Team assessments.
- Familiarity with industry best practices and framework (e.g., CSA Security Trust Assurance and Risk, CIS Benchmarks, NIST Framework, MITRE ATT&CK framework).
- Knowledge of Windows, Linux, Unix, MacOS and any other major operating systems.
- Deep understanding and experience with various Active Directory attack techniques.
- Extensive knowledge and experience working with cloud infrastructure. (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform).
- Knowledge of cloud system architecture, authentication and federation services, storage technologies, identity and privilege management.
- Deep understanding of Open-Source Intelligence gathering techniques for discovery of Internet accessible assets.
- Deep understanding of network security and common attack vectors.
- Updated and familiarized with the latest exploits, vulnerability remediation, and security trends.
- Experience with identification, privilege escalation, exploitation, lateral movement techniques using stealth and manual techniques as well as automated testing tools.
- Understanding of web-based application vulnerabilities (OWASP Top 10).
- Understanding of (Android, iOS) mobile application vulnerabilities (OWASP Mobile Top 10).
- Experience with application security source code review.
- Experience with scripting / programming skills (e.g., Python, PowerShell, Java, Perl, Ruby etc.).
- Experience to lead a technical team to conduct remote and on-site technical assessment within defined rules of engagement.
- Strong business acumen, technical skills and industry knowledge to demonstrate value-added work.
- Demonstrated capacity and capability for continuous learning including actively seeking specific feedback from peers and supervisors.
- Demonstrated critical thinking and professional judgment skills including improving technical skills as well as oral and written communication skills.
- Self-motivation and high accountability to develop career growth, technical expertise and soft skills.
- Relevant professional certifications accredited by leading organizations including GIAC, ISACA, EC-Council, (ISC)2, SANS, etc.
Why work with us
We are a team of experts in a talented community, a collaborative atmosphere where creativity is encouraged. People First, by putting people at the heart of our priorities, we foster a work environment where you can excel and grow personally and professionally. Bluebik is strived for growth and expansion, and you can be part of our success story. We combine strategy, digital delivery excellence and deep technology advisory to help our clients transform their business. At Bluebik, your career advancement starts with actions. You can manage your own career and will advance based on performance. We collaborate to create unique and outstanding experience with our talents to empower learning and growth opportunities. Whatever your ambitions, Bluebik offers you with a highly inclusive community of talents from both tech and business worlds to realize your full potential.
What we offer
We offer impactful and challenging work with mentorship and support from direct manager and subject matter experts. You will have autonomy to manage your career path with endless opportunities for professional growth. Our comprehensive benefit package covers medical insurance, life, accident and disability insurance, wellness allowance, vaccination allowance, providence fund, flexible working arrangement, and Professional certification. Bluebik provides opportunities to become the best version of yourself!
Bluebik is an equal opportunity employer. We owe our success to the talents of our diverse team and the varying perspectives they add to our thriving community.
Bluebik does not accept unsolicited resumes sent by recruiting agencies. Please do not forward resumes to our job postings, Bluebik employees or other parts of the business. Bluebik will not be liable to pay any fees to agencies for candidates hired as a result of unrequested resumes.