Security Engineer – Security Testing

Logic Bounce is an independent research-driven and insight-led security consultancy founded in 2013 with offices in Europe, Asia and North America. In a rapidly changing technology landscape, innovation is essential and we believe passionately that the surest way to run out of new ideas is to hold too tightly onto old ones. In an era of digital disruption and transformation, cybersecurity is the essential component that ensures that companies have the confidence to implement digital processes and technologies to drive innovation and growth. We offer a complete portfolio of services to help identify threats and risks, define strategy, deploy the right technologies, develop capabilities and ensure operational readiness to enable business through security. We have the ability to address the needs at a strategic program level, at the operational project level and at all levels in between.

Role Overview

The Security Engineer – Security Testing supports the Insight Security Testing Services Team by applying information security threat intelligence to identify and exploit vulnerabilities within our client’s environments. The focus areas for this role are one or more of the following: network testing, wireless network security, web application testing, mobile application testing, physical security, and social engineering.

Role Responsibilities

• Conduct exploitation testing using off-the-shelf or self-developed exploitation tools and document findings for client remediation
• Maintain working knowledge of advanced cyber threat actor tactics, techniques and procedures (TTP), and emulate these TTP to assess vulnerability and risk
• Perform proactive research to identify and understand new threats, vulnerabilities, and exploits
• Produce and deliver vulnerability and exploit information to clients in the form of briefings and
  reports
• Mentor and train fellow team members in new technologies and techniques
• Document and present on new testing methodologies to internal and external teams
• Develop and document new post-exploitation tools and techniques for use by internal and external customers
• Excel as both a self-directed individual contributor and as a member of a larger team
• Availability for domestic travel and limited international travel up to 25%
• Apply innovation to improve service efficiency and service value
• Suggest or implement enhancements to internal systems
• Interface with Threat Defence Unit (TDU) and Incident Response (IR) teams
• Perform other essential duties as assigned
• Fluent in English and Mandarin

Logic Bounce expects its employees to understand and apply commonly known security practices and possess a working knowledge of applicable industry controls such as NIST 800-53. Employees will be expected to acknowledge their security responsibilities in writing prior to gaining access to company systems. Employees will be required to maintain a working knowledge of local security policies and execute general controls as assigned.

Qualifications

• Experience with security tools such as – Nmap, Metasploit, Kali Linux, Burp Suite Pro, Nessus etc., as well as other various commercial and self-developed testing tools
• 5 years of experience leading penetration testing, application testing, and red team engagements
• Experience with scripting languages such as python, ruby, POSIX shell, as well as familiarity with programming languages such as: C/C++/ObjC/C#, Java, PHP, or .NET
• Understanding of:
  • Web protocols (e.g., HTTP, HTTPS, and SOAP)
  • Web technologies (e.g., HTML, JavaScript, XML, AJAX, JSON, and REST)
• Experience with WLAN security concepts and testing
• Strong technical communication skills, both written and verbal
• Ability to explain technical security concepts to executive stakeholders in business language
• Operating systems administration and internals (Microsoft Windows / Linux)
• Understanding of TCP/IP networking at a technical level
• Significant plusses for one or more of the following: experience in social engineering, mobile or cloud application testing, experience with disassembly and debugging tools, exploit development, static/dynamic malware analysis, testing embedded platforms and hardware security, ICS testing experience, and cryptography or cryptanalysis
• Presentation skills and tools (e.g., PowerPoint, Keynote, etc.)
• Significant public security presentation experience is a plus
• General security certifications such as CISSP or GSEC
• Crest CWAT/CCIT/CC WS/CRIA/CCNIA/CCMRE/CCHIA, OSCP, GIAC, GPEN, GWAPT, GXPN or similar preferred
• 10+ years of professional experience in information security or related field
• A Bachelor of Science degree in Computer Science, Computer Engineering, Electrical Engineering, or a related technical field; or equivalent professional experience
• Candidates hold or could contain a Government security clearance
• Fluent in English and Mandarin

Logic Bounce is committed to the principle of equal employment opportunities for all employees and to provide employees with a work environment free of discrimination and harassment. All employment decisions at Logic Bounce are based on business needs, job requirements and individual qualifications, without regard to race, colour, religion or belief, national, social or ethnic origin, sex, age physical, mental or sensory disability, sexual orientation, gender identity and/or expression, martial, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status or any other status protected by the laws or regulations in the locations where we operate. Logic Bounce will not tolerate discrimination or harassment based on any of these characteristics. Logic Bounce encourages applicants of all ages.