Application Security and Vulnerability Management

The establishment of Kiatnakin Phatra Financial Group (KKP) brought together knowledge and experience of commercial banking and capital markets businesses. The group comprises of Kiatnakin Phatra Bank PLC, Kiatnakin Phatra Securities PLC, Kiatnakin Phatra Asset Management Co., Ltd., and KKP Dime Securities Co., Ltd. Our goal is to provide top-notch financial services while ensuring maximum benefits for customers, employees, and shareholders, and to contribute to the growth of the nation's financial markets and economy through our products and services, which encompass both money markets and capital markets. KKP is committed to fostering opportunities for success. Here, you will have the chance to learn, develop, and realize your full potential. We believe in providing fulfilling rewards, promoting a fun work environment, and being proud to make a positive impact on society. If you are looking for a work environment that offers you opportunities to grow for a better life, a better workplace, and a better future. Come and join us!

Description

• Conduct web application penetration test, mobile application penetration test, api penetration test, and network/infrastructure penetration test.
• Conduct vulnerability assessment on Internet-facing systems and internal systems.
• Work with IT Security Team to develop a security programs to mitigate identified risks and support security requirements from IT users.
• Research new security threats and attack vectors, provide remediation methods to all levels of Information Technology staff.
• Anticipating possible security threats and identifying areas of weakness in the proposed system, a Security Architect must be proactive to highlight the possible breaches of security.
• Perform IT Security assessment to support new projects and applications as they relate to security architecture and design; audit existing deployments and analyze gaps against security practices and standards.
• Review and advise security solution architect for the proposed system such as: Network Segmentation, Application protection, Defense-in-depth, Remote Access, Encryption Technologies, Backup/Replication/Multiple Sites, Cloud/Hybrid/Multiple Cloud Vendors, Software Defined Networking, Network Function, Virtualization.
• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
• Ensure that IT systems and applications within the organization meet the needs of business while adhering to security best-practices, compliance and regulatory requirements

Qualification

• Bachelor or Master’s degree in Computer Engineering, MIS, IT or a related field.
• At least 5 years experiences in cyber security area.
• Professional certificates related to work (e.g. CEH, Pentest+, ISO 27001, OSCP, GPEN or similar general security certification) is desirable
• A positive, can-do attitude, who naturally expresses a high degree of empathy to others.
• Efficient communication and team- player skills.

Specific knowledge and skill / ความรู้เฉพาะตำแหน่ง

• Knowledge of International Security frameworks, Standards, Guidelines and Methodology eg, NIST-800, ISO 27001, OWASP, PCI-DSS, ISSAF, OSSTMM, and etc.
• Previous penetration testing experience and familiarity with commonly used tools and tactics.
• Experience with offensive security analysis tools and tactics.
• Strong cyber threat intelligence and information security experience in complex organizations
• Experience in system and application security management and control.
• Experience in facilitating information security risk assessments.
• Familiarity with cyber security threats, defenses, motivations and techniques.
• Familiarity with security concerns facing large enterprises.