Deputy Manager, Cyber Resilience Testing Operations

Duties and Responsibilities

As the Deputy Manager, Cyber Resilience Testing (CRT) Operations, you will play a critical role in supporting the execution of advanced cyber resilience testing, real‑time attack simulations, and threat emulation exercises. Working closely with the Cyber Resilience Testing (CRT) team and reporting to the Cyber Resilience Testing Lead, you will be responsible for operating tools and infrastructure that support red teaming, adversary simulations, and cyber drills. This role combines deep hands‑on technical expertise with situational awareness, allowing you to operate and adjust real‑time simulations that assess the organization’s cyber defenses. You will also assist in refining cyberattack scenarios, monitoring blue team responses, and capturing operational data for post‑exercise analysis.

Key Performance Areas

• Red Team Program
  • Execute red teaming engagements, including adversary emulation, penetration testing, and attack simulations against the bank’s infrastructure, applications, and personnel.
  • Conduct threat modeling, attack surface analysis, and vulnerability assessments to identify security gaps and recommend mitigations.
  • Prepare draft reports and executive summaries for senior management, outlining findings, risks, and recommended remediation strategies.
  • Stay updated on the latest cyber threats, attack techniques, and security trends to continuously evolve the red teaming strategy.
  • Ensure compliance with Bank Negara Malaysia (BNM) RMiT, TIBER‑MY, and other relevant regulatory and security frameworks.
• Information & Cyber Security Program
  • Support information/cyber security programs such as compromised assessment, threat hunting and Cyber Drill exercise.
  • Support a bank‑wide information security education and awareness campaign.
  • Provide information/cyber security training and education to stakeholders.
  • Track the current cyber security programs that have been conducted.

Qualification

Degree in Information Technology or any related fields.

Years of Experience

• Minimum 5+ years of experience in offensive security, penetration testing, or red teaming, with at least 3+ years in a leadership role.
• 3 years of job experience in the Financial and Banking sector.

Specific Skills/Knowledge and Certification Required

• Experience in IT / Information Security industry is preferred.
• Experience in Banking operations with deep knowledge of banking system integration.
• Strong expertise in ethical hacking, adversary simulation, and advanced penetration testing techniques. Experience with threat modeling and web application security assessments.
• Hands‑on experience with tools such as Cobalt Strike, Metasploit, Empire, Mimikatz, Burp Suite, BloodHound, and custom‑built scripts. 1+ years experience using common application security testing tools (e.g., Gophish, Metasploit, Burp, OWASP ZAP, WPScan, Wi‑Fi auditing tools, Hak5 tools).
• In‑depth understanding of network security, Active Directory exploitation, web application security, cloud security (AWS/Azure), and mobile security.
• Familiarity with threat hunting, purple teaming, and advanced attack methodologies.
• Strong knowledge of MITRE ATT&CK, TTPs (Tactics, Techniques, and Procedures), and modern attack frameworks.
• Industry certifications such as OSCP, OSCE, OSEP, CRTO, CISSP, GIAC (GCPN, GXPN, GCIH), or equivalent are highly preferred.
• Strong analytical and problem‑solving skills, with the ability to think like an attacker and adapt strategies accordingly.
• Excellent communication and leadership skills, with the ability to articulate technical findings to both technical and non‑technical stakeholders.

Find thousands of job opportunities by signing up to eFinancialCareers today.