Offensive Security Assessments Manager

COMPANY INTRODUCTION

Emirates NBD is a market leader across the MENAT (Middle East, North Africa and Türkiye) region with a presence in 13 countries, serving over 20 million customers. The Emirates NBD Group has a total of 853 branches and 4,213 ATMs / SDMs. Emirates NBD is the leading financial services brand in the UAE with a Brand value of USD 3.89 billion

At the bank, we serve our customers and help them realise their financial objectives through a range of banking products and services including retail banking, corporate & institutional banking, Islamic banking, investment banking, private banking, asset management, global markets and treasury, and brokerage operations

We are a key participant in the global digital banking industry, with 97% of all financial transactions and requests conducted outside of our branches. We also operate Liv, the lifestyle digital bank by Emirates NBD. With close to half a million users, it continues to be the fastest-growing digital bank in the region

Offensive Security Assessments Manager

Key Responsibilities:

• Manage and maintain the Offensive Security Assessment program as part of the Threat and Compliance (TCM) Charter and associated operating procedures based on the requirements of Emirates NBD policy, audit, compliance and regulatory requirements
• Maintain and manage Emirates NBD threat modelling framework and operationalize these models into the offensive security assessment program
• Collect open source intelligence on threats and vulnerabilities applicable to Emirates NBD technology stack
• Carry out scenario based war gaming activities
• Ensure threat controls and systems are reviewed for appropriate, effective and optimal configuration across the Group
• Participate in event planning stages to develop Cyber assessment plans and conduct assessment tests against Emirates NBD group installations & controls
• Identify and track IT risks and gaps that are remediated through operational activities or treated via risk management process.
• Responsible for threat activity reporting and insight on the IT technology assets used by the group.
• Managing planned and ad-hoc review and reporting requests from stakeholders across Emirates NBD Group IT and business functions
• Develop attack vectors, exploit payloads and backdoors as necessary for the successful execution of the Offensive Security Assessment program
• Contribute on Offensive Security automation initiatives
• Conduct periodic Purple/Red Team assessments and other attack simulation goals.
• Programming language proficiency in one or more languages C, C++, Python, CSharp, ASM etc.
• Prepare and deliver technical and management reports and presentations
• Prioritize business requirements and manage backlogs for team deliveries
• Accountable for stakeholder engagement and relationships to deliver security assessments as per TCM Charter
• Research new threats vectors / attack methods that are cutting edge in testing control effectiveness
• Enhance technical security assessment & pen testing capabilities to ensure effective assessment for an evolving technology landscape
• Build new periodic assessment frameworks and methodologies that help contribute to a more efficient method of executing the charter
• Improve threat modelling framework to ensure that new relevant threat vectors are identified and are part of the framework
• Ensure coverage of policy, audit, compliance and regulatory requirements.
• Ensure that offensive security exercises are carried out cautiously without adverse business impact

Key Requirements:

• Bachelors or Master’s Degree in Computer Science, Mathematics or equivalent discipline
• Master’s Degree in Business Management or equivalent
• Certifications such as CISSP, OSCP, OSCE, OSEP, OSWE, CREST, GPEN, SANS GXPN
• 5-7 years of experience with technical Cyber security
• 3-4 years of experience with Red Team or penetration testing or offensive Cyber testing
• Experience with Bash scripting, Perl, Java, Python or R
• Strong hold of Cloud Security - CICD Security - Experience in various tools VAF
• Experience with malware analysis tools
• Experience with mobile and digitization platforms
• Experience with platforms like Cloud, DBMS (SQL or NoSQL based), Containerization Technologies & Micro services/API based architecture
• Experience with MITRE Attack Framework
• Strong technical background covering heterogeneous technologies and multiple security domains (Technical)
• Deep knowledge of the gaps and weaknesses of a typical heterogeneous banking environment including the toolsets required for security assessments (Technical)
• Deep experience in depicting proof of concept exploits for vulnerabilities, accurate threat assessment and mitigation recommendation. (Technical)
• Deep experience in the preparation and facilitation of war gaming. Identify gaps and opportunities by utilizing niche adversarial experience of the team (Technical)
• Deep experience in evaluating threats as per the latest threat environment affecting the region (EMEA & North Africa) and the world (Technical)
• Deep knowledge and skills in breaking controls and of polices ,standards and required controls (both technical and compliance based) (Technical)
• Deep threat modelling experience