Red Teaming/Security Assurance Analyst

Team: Cyber Resilience & Defence

Designation: Red Teaming/Security Assurance Analyst

Specializing in Red Teaming Assessment, MITRE Framework, Cyber Threat Intelligence, Threat Hunting, and DFIR (Digital Forensics and Incident Response), you will play a pivotal role in enhancing our clients' cyber defenses against cyber threats.

Minimum 3+ years of hands-on relevant experience crucial in identifying vulnerabilities, assessing security postures, and orchestrating simulated attacks to evaluate and fortify our clients' resilience against cyber threats.

vCyberiz Sdn Bhd, Selangor, Malaysia

The resource may need to work flexible hours to provide extended support and be available on call when required.

• Solid experience in Red Teaming assessments, utilizing both offensive and defensive cyber techniques.
• Proficiency with the MITRE ATT&CK framework and its application in cyber defense strategies.
• Strong understanding of Cyber Threat Intelligence sources, methods, and analysis.
• Proven capability in Threat Hunting methodologies and tools.
• Hands-on experience in Digital Forensics and Incident Response (DFIR) investigations.

• Physical Social Engineering Attacks: Conducting covert operations involving manipulating individuals to gain physical access to secure areas or sensitive information, including tactics such as tailgating, pretexting, and impersonation.
• Rapid Payload Prototyping: Developing and deploying customized malware and exploits quickly to simulate real-world attack scenarios, enabling the testing and improvement of organizational defenses.
• Effective Scenario Development Based on Use Cases: Crafting realistic attack scenarios tailored to an organization's environment and threat landscape, ensuring impactful and relevant exercises.

Excellent analytical and problem-solving skills are essential, with the ability to think strategically and act tactically in high-pressure situations. Effective communication skills are also required to convey complex technical information to non-technical stakeholders. Relevant certifications (e.g., OSCP, CISSP, GIAC) are advantageous.

• Clear and concise communication of technical information to non-technical stakeholders, fostering understanding and informed decision-making.
• Analytical ability to identify root causes of cyber issues, assess risks, and propose practical solutions in dynamic environments.
• Proven capability to work effectively in cross-functional teams, leveraging diverse perspectives to achieve cybersecurity objectives.
• Efficient prioritization and task management to meet deadlines in high-pressure situations, ensuring timely response to cyber incidents.
• Readiness to adapt to evolving cybersecurity threats and technologies, with a commitment to continuous learning and professional development.