POSITION DESCRIPTION
Reporting to the Senior Manager, IT Application Security, this role is responsible for safeguarding the organization's information systems by identifying and mitigating security vulnerabilities. The role involves planning, executing, and managing advanced penetration tests and security assessments to uncover potential security weaknesses, as well as performing other tasks as assigned.
DUTIES & RESPONSIBILITIES
- Conduct advanced penetration testing on networks, APIs, web/mobile applications, and systems to identify security vulnerabilities.
- Develop, document, and present detailed testing plans, methodologies, and results.
- Use a variety of tools and techniques to simulate attacks and uncover security weaknesses.
- Lead threat modeling exercises and security reviews to assess emerging threats and improve system resilience.
- Mentor and guide junior penetration testers, sharing knowledge and fostering a culture of security excellence.
- Develop a comprehensive remediation plan for the issues found.
- Keep up to date with developments in IT security standards and threats.
- Provide technical expertise and guidance to IT teams on the results of security tests and assessments.
- Collaborate with IT teams to develop and implement effective remediation strategies and action plans to address identified vulnerabilities.
- Support the remediation of any pending identified vulnerabilities.
- Support any task assigned by the Department Head/Manager.
- Lead the team to complete the assigned pentest project.
- Provide support for any project reporting to management.
- Support and provide the required information for any audit activities.
- Perform any other duties as directed by the supervisor.
QUALIFICATIONS
- 2+ years of experience in an IT Security role.
- Extensive experience in penetration testing and vulnerability assessment.
- Advanced ability to troubleshoot security testing issues.
- Strong knowledge of security testing tools and methodologies.
- Outstanding leadership, organizational, and time management skills.
- Outstanding verbal and written communication skills (English and Khmer).
- Strong people skills.
- Relevant certifications (e.g., OSCP, OSCE, CEH, GPEN) are highly desirable.
- Strong expertise in penetration testing tools (e.g., Burp Suite, Metasploit, Nmap, Wireshark) and scripting languages (Python, PowerShell, or Bash).
- Proficiency in programming and scripting languages is a plus.
How to apply
Interested and qualified applicants should submit their updated cover letter and CV, stating the position applied for, with a current photo (4x6) to hr@canadiabank.com.kh

