About the Job
This role is critical in enabling STCBank to stay ahead of cybersecurity assurance. The ideal candidate will have a robust background in cybersecurity vulnerability scanning and testing, along with a proven track record in effective cybersecurity regulations, frameworks, and international standards.
Ready to apply for roles like this?
Unlock the company name and direct application link. Subscribers get instant access to fresh jobs across Dubai, Abu Dhabi and Riyadh, many with visa support.
Unlock employer & apply directly
Key Responsibilities:
-
External Network Penetration Testing:
- Identify vulnerabilities in STCBank's external-facing systems, networks, and applications.
- Conduct port scanning, vulnerability scanning, and exploitation attempts to identify potential attack vectors.
- Assess the effectiveness of firewalls, intrusion detection systems (IDS), and other security controls.
-
Internal Network Penetration Testing:
- Evaluate the security of internal networks, systems, and applications.
- Identify vulnerabilities in network devices, servers, and workstations.
- Assess the effectiveness of internal security controls, such as access controls and segmentation.
-
Application Penetration Testing:
- Assess the security of web applications, mobile applications, and other software systems.
- Identify vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
- Test authentication mechanisms, authorization controls, and data validation processes.
-
Social Engineering Testing:
- Simulate social engineering attacks to evaluate employee awareness and susceptibility.
- Test phishing, pretexting, and other social engineering techniques.
- Identify vulnerabilities in STCBank’s social engineering defense mechanisms.
-
Wireless Network Assessment:
- Evaluate the security of wireless networks, including Wi-Fi and Bluetooth.
- Identify vulnerabilities in access points, encryption protocols, and authentication mechanisms.
- Assess the effectiveness of wireless intrusion prevention systems (WIPS).
-
Cloud Security Assessment:
- Assess the security of cloud-based infrastructure and applications.
- Identify vulnerabilities in cloud platforms, virtual machines, and storage systems.
- Evaluate the effectiveness of cloud security controls and best practices.
-
Vulnerability Scanning:
- Conduct regular vulnerability scans to identify and address security weaknesses.
- Use automated scanning tools to identify known vulnerabilities and prioritize them based on risk and severity.
-
Reporting and Recommendations:
- Provide detailed reports outlining findings, recommendations, and remediation strategies.
- Clearly communicate the severity of identified vulnerabilities and their potential impact.
- Offer guidance on implementing security measures to address identified risks.
-
Ongoing Support:
- Provide ongoing support and assistance with implementing recommended security measures.
- Be available for consultation and advice on cybersecurity matters.
Qualification and Experience Requirements:
- 5-10 years of experience in providing cybersecurity vulnerability assessment and penetration testing services to financial institutions, preferably banks in Saudi Arabia.
- Bachelor’s degree with industry-proven certifications like CEH, OSCP, eJPT, etc.
- Proven track record of successfully helping organizations achieve compliance with relevant cybersecurity regulations.
- Deep understanding of the SAMA Cybersecurity Framework, NCA Cybersecurity Requirements, PCI DSS, and GDPR.
- Strong working knowledge of cybersecurity best practices and frameworks such as NIST Cybersecurity Framework.
- Ability to assess and identify potential cybersecurity vulnerabilities within a banking environment.
- Excellent communication, collaboration, and project management skills.
