Key Responsibilities:

1. Integrating security tools, standards, and processes into the product life cycle (PLC)
2. Perform regular vulnerability assessment and penetration testing for Infrastructure, web applications, web services, mobile apps
3. Supporting the incident response and architecture review processes whenever application security expertise is needed
4. Identify, analyse and assess technical and organisational cybersecurity vulnerabilities
5. Identify attack vectors, uncover and demonstrate exploitation of technical cybersecurity vulnerabilities
   • Test systems and operations compliance with regulatory standards
   • Select and develop appropriate penetration testing techniques
   • Organise test plans and procedures for penetration testing
   • Establish procedures for penetration testing result analysis and reporting
   • Document and report penetration testing results to stakeholders
6. Deploy penetration testing tools and test programs
7. Managing annual penetration testing services, including both expert consulting and managed service
8. Providing manual penetration testing and standards gap analysis services to internal business and technology partners
9. Managing application framework and perimeter security improvement projects.
10. Supporting vendor due diligence assessments to ensure 3rd party software meets Lebara security standards
11. Producing metrics reporting the state of application security programs and performance of development teams against requirements
12. Identify application security risks and requirements for new projects and system developments. Enforcing security policies and procedures concerning production infrastructure
13. Work with the architecture and development teams to review code for security vulnerabilities and embed/improve security threat modelling and secure coding in the development lifecycle
14. Ensuring that necessary controls and processes exist to appropriately correlate and assess security events