What you’ll do
The purpose of this role is to drive the offensive security program for VF Turkey ecosystem to constantly keep adding up solutions and knowledge to reduce our risks within the challenging cyber landscape.
You will be the single point of contact for providing guidance on all offensive security activities like penetration testing, red teaming, exploit development, purple team activities etc. and work closely with solution, product, or infrastructure owners.
• Having a strong security architect mindset and using best practice knowledge from an attackers point of view to proactively detect, identify and respond to cyber events, known and unknown threats, security risks and vulnerabilities with effective management of response plans, across the security platform lifecycle in line with cyber security policies and procedures,
• Contributing the offensive security program including attack vector simulation, planning & scheduling of all security testing activities, reporting, remediation support, false positive check and maintenance of tools,
• Regular reconnaissance & red teaming activities for populating and confirming asset inventory both for internal and external network,
• Creating procedures, flowcharts and playbooks relevant to tasks performed continuously
Who you are
• BSc. in Computer / Electrical & Electronics / Industrial Engineering is desired,
• Master’s degree (preferably in Computer Science, Cyber Security) or equivalent information security experience is desired,
• At least 4 years of proven experience in performing hands-on penetration testing, and/or adversary simulation, red teaming exercises, vulnerability assessments in complex operational ICT environments,
• CISSP, OSCP, OSCE, GXPN, GPEN, GWAPT, CySA+, CEH or equivalent would be a plus,
• Familiarity with industry standards like OWASP TOP10, OWASP ASVS, OWASP MSTG, OSSTMM, CVSS, STRIDE, CIS, NIST etc.
• Ability to translate highly technical findings and recommendations into visual format for different technical and non-technical stakeholders,
• Excellent understanding of attacker tools, tactics and techniques and referencing on MITRE ATT&CK, strong knowledge of MITRE Shield.
• Solid knowledge of security principles and practices,
• Proven experience in one or more of the following topics are also desired:
o Threat modeling, risk management,
o TCP/IP, computer networking, routing and switching,
o Network protocols and packet analysis tools,
o Windows, UNIX and Linux operating systems,
o Firewall, WAF and intrusion detection/prevention protocols,
o DLP, anti-virus and anti-malware,
o Python, Go, Bash or any other programming/scripting language,
o Cloud computing,
o SaaS, PaaS models,
o Security Information and Event Management (SIEM),
o Incident Management/Response
• Excellent problem-solving, analytic and documentation skills,
• Critical thinking with strong attention to details and follow up,
• Technically competent to contribute towards the preparation and implementation of control processes, procedures and guidelines,
• Fluent in English (both verbal and written).
Not a perfect fit