Job Description

COMPANY INTRODUCTION Emirates NBD is a market leader across the MENAT (Middle East, North Africa and Türkiye) region with a presence in 13 countries, serving over 20 million customers. The Emirates NBD Group has a total of 853 branches and 4,213 ATMs / SDMs. Emirates NBD is the leading financial services brand in the UAE with a Brand value of USD 3.89 billion At the bank, we serve our customers and help them realise their financial objectives through a range of banking products and services including retail banking, corporate & institutional banking, Islamic banking, investment banking, private banking, asset management, global markets and treasury, and brokerage operations We are a key participant in the global digital banking industry, with 97% of all financial transactions and requests conducted outside of our branches. We also operate Liv, the lifestyle digital bank by Emirates NBD. With close to half a million users, it continues to be the fastest-growing digital bank in the region The Offensive Security Assessments Manager will manage and conduct covert targeted penetration testing for Emirates NBD installations and controls through focused threat based methodologies as a simulated adversary to expose and exploit vulnerabilities to improve Cyber readiness and review security controls and system configurations across IT systems across the group to ensure their security posture and compliance. Key Responsibilities: Manage and maintain the Offensive Security Assessment program as part of the Threat and Compliance (TCM) Charter and associated operating procedures based on the requirements of Emirates NBD policy, audit, compliance and regulatory requirements Maintain and manage Emirates NBD threat modelling framework and operationalize these models into the offensive security assessment program Collect open source intelligence on threats and vulnerabilities applicable to Emirates NBD technology stack Carry out scenario based war gaming activities Ensure threat controls and systems are reviewed for appropriate, effective and optimal configuration across the Group Participate in event planning stages to develop Cyber assessment plans and conduct assessment tests against Emirates NBD group installations & controls Identify and track IT risks and gaps that are remediated through operational activities or treated via risk management process. Responsible for threat activity reporting and insight on the IT technology assets used by the group. Managing planned and ad-hoc review and reporting requests from stakeholders across Emirates NBD Group IT and business functions Develop attack vectors, exploit payloads and backdoors as necessary for the successful execution of the Offensive Security Assessment program Contribute on Offensive Security automation initiatives Conduct periodic Purple/Red Team assessments and other attack simulation goals. Programming language proficiency in one or more languages C, C++, Python, CSharp, ASM etc. Prepare and deliver technical and management reports and presentations Prioritize business requirements and manage backlogs for team deliveries Accountable for stakeholder engagement and relationships to deliver security assessments as per TCM Charter Research new threats vectors / attack methods that are cutting edge in testing control effectiveness Enhance technical security assessment & pen testing capabilities to ensure effective assessment for an evolving technology landscape Build new periodic assessment frameworks and methodologies that help contribute to a more efficient method of executing the charter Improve threat modelling framework to ensure that new relevant threat vectors are identified and are part of the framework Ensure coverage of policy, audit, compliance and regulatory requirements. Ensure that offensive security exercises are carried out cautiously without adverse business impact Key Requirements: Bachelors or Master’s Degree in Computer Science, Mathematics or equivalent discipline Master’s Degree in Business Management or equivalent Certifications such as CISSP, OSCP, OSCE, OSEP, OSWE, CREST, GPEN, SANS GXPN 5-7 years of experience with technical Cyber security 3-4 years of experience with Red Team or penetration testing or offensive Cyber testing Experience with Bash scripting, Perl, Java, Python or R Experience with malware analysis tools Experience with mobile and digitization platforms Experience with platforms like Cloud, DBMS (SQL or NoSQL based), Containerization Technologies & Micro services/API based architecture Experience with MITRE Att&ck Framework Strong technical background covering heterogeneous technologies and multiple security domains (Technical) Deep knowledge of the gaps and weaknesses of a typical heterogeneous banking environment including the toolsets required for security assessments (Technical) Deep experience in depicting proof of concept exploits for vulnerabilities, accurate threat assessment and mitigation recommendation. (Technical) Deep experience in the preparation and facilitation of war gaming. Identify gaps and opportunities by utilizing niche adversarial experience of the team (Technical) Deep experience in evaluating threats as per the latest threat environment affecting the region (EMEA & North Africa) and the world (Technical) Deep knowledge and skills in breaking controls and of polices ,standards and required controls (both technical and compliance based) (Technical) Deep threat modelling experience Collaborative leadership style that involves a mix of resource & project planning along with delegation, decision making & conflict resolution (Management) Superior verbal & written communication skills; should be able to simply and effectively explain security observations to technical personnel and to business personnel (Management) Possesses high emotional intelligence in order to be able to manage self when dealing with discovery of critical threats and what actions to take on them (Self Related) Empathizes with team mates and stakeholders alike and understands on-the-ground reality situations, especially when influencing remediation (Self Related) Creates awareness/development of skills conducive to threat simulations/adapt skills to testing methods such as reverse engineering, password cracking, social engineering, infrastructure and application attacks (People) Show more Show less