About Ascend Money
Our Ascend vision is to create life opportunities with innovative digital services. Operating in Southeast Asia, we are able to help one of the world's largest populations of underbanked, the people from some of the poorest provinces who are disregarded by traditional banks. So many lives are waiting for our help.
In 2018, we served over 30 million customers in 6 countries (Thailand, Cambodia, Myanmar, Vietnam, Indonesia, Philippines), and processed over 4.5 billion USD. This makes us by far the largest fintech company in SE Asia and growing quickly.
Responsibilities:
- Conduct advanced penetration tests to identify vulnerabilities in computer systems, networks, and applications.
- Perform vulnerability assessments and security audits to evaluate the effectiveness of existing security measures.
- Develop and execute simulated cyber attacks to assess the organization's readiness to defend against real-world threats.
- Employ various attack methodologies to test the resilience of systems against hacking attempts and security breaches.
- Perform threat modeling to anticipate potential attack vectors.
- Analyze risks associated with identified vulnerabilities and recommend appropriate mitigation strategies.
- Develop custom tools and scripts to automate penetration testing and exploit known vulnerabilities.
- Keep up-to-date with the latest exploitation techniques and security tools.
- Prepare detailed reports on findings from penetration tests and security assessments.
- Document and present risks and vulnerabilities to relevant stakeholders, along with recommended countermeasures.
- Collaborate with the Blue Team to enhance the organization's defensive strategies based on offensive findings.
- Share insights and knowledge on emerging threats and attack techniques with the cybersecurity team to continually improve defensive measures.
Job Qualifications:
- Bachelors or Masters Degree in Computer Engineering, Computer Science or related field.
- At least 5 years of experience in penetration testing and vulnerability assessments or related roles.
- Strong knowledge of network and application security, ethical hacking, and cybersecurity principles.
- Familiarity with penetration testing tools (e.g., Metasploit, Burp Suite, Kali Linux).
- Excellent problem-solving skills and ability to think like an adversary.
- Good communication skills for effective reporting and stakeholder engagement.
- Rapid learning capability and able to work under pressure.
- Good command in written and spoken Thai and English language.
- Ability to present technical solutions with stakeholders in an easy way.
- Knowledge of International Security frameworks, Standards, and Guidelines e.g., NIST-800-53, PCI-DSS, OWASP, and etc.
- Professional Certificated related to work e.g. (CISSP, OSCP, OSWE) is desirable
