Our Ascend vision is to create life opportunities with innovative digital services.
We are blessed to be operating in ASEAN, where we are able to help one of the world’s largest populations of underbanked,
the people from some of the poorest provinces who are disregarded by traditional banks.
So many lives are waiting for our help.
In 2017, we served over 30 million customers in 6 countries
(Thailand, Cambodia, Myanmar, Vietnam, Indonesia, Philippines),
and processed over 4.5 billion USD.
This makes us by far the largest fintech company in SE Asia, and growing quickly.
As a member of our esteemed Info Security and Governance team, you will be helping to bring this vision to reality by leveraging the most modern cloud-native
technologies. At Ascend, you will be part of a team who are directly responsible for improving the lives of millions.
A penetration tester creates scripts and uses knowledge and experience to find vulnerabilities in corporate networks, applications and internal systems. Penetration testers
also use out-of-the-box applications that automate testing. The goal is to automate the hacking process, but testers can also manually make attempts to breach security. Once vulnerabilities are found, the penetration testers advise business managers how to
better secure their systems.
- Conduct Tests on Networks and Applications
Penetration testers shall perform security tests on networks, web-based, API and mobile applications, and computer systems.
Penetration testers shall design these tests and tools to try to break into security-protected applications and networks to probe for vulnerabilities.
These testers keep up with the latest methods for ethical hacking and testing and are always evaluating new penetration testing tools.
Penetration testers shall use testing methods to pinpoint ways that attackers could exploit weaknesses in security systems.
Penetration testers shall conduct network and system security audits, which evaluate how well an organization’s system conforms to a set of established criteria.
- Analyze Security Policies
Make suggestions on security policy/baseline improvements, and work to enhance methodology material.
- Write Security Assessment Reports
After conducting thorough research and testing, penetration testers shall document their findings, write security reports, and discuss solutions with IT teams and management.
The penetration testers also provide feedback and verification after security fixes are issued.
- Establish concepts for secure integration of systems/networks, ensuring end-to-end security for data flows.
- Anticipating possible security threats and identifying areas of weakness in the proposed system, a Security Architect must be proactive to highlight the possible breaches
- Reviewing security measures and recommending enhancements for implementation
- Review and advise on the security solution architecture for the proposed system, such as: Network Segmentation, Application Protection, Defense-in-depth, Remote Access, Encryption Technologies, Backup/Replication/Multiple Sites, Cloud/Hybrid/Multiple Cloud Vendors, Software Defined Networking, Network Function Virtualization
- Conducting security advisory and testing along the pipeline of the system delivery.
- Design and develop the in-house security aided systems to improve security operations.
- Conduct and manage Security Tools implementation project
- Drive end-to-end solution architecture integrity and the functional relationship with other projects and/or applications
- Develops solution conceptual designs and solution blueprints for IT projects
- Investigate complex strategic business issues, researching and identifying innovative solutions
- Review and approve functional specifications created by delivery project teams
- Create and manage a technology roadmap that articulates the positioning, capabilities and features for enablement of delivery capability and document and manage the formal
plan of record.
- Contribute to the development of the Service Level Agreements (SLA), evaluate performance and outline investments and process improvements to meet or exceed SLA expectations.
- Take part in projects to ensure the proposed/implemented architecture is in line with security requirements;
- Liaise within the corporate Enterprise Architecture Office and IT Infrastructure for standardization of best practices, editing of guidelines and design of
- Supports overall security plans on various topics such as approval, funding development and resource management.
- Manages vendor relationships to maintain state of the art knowledge in emerging technologies and to speak to potential solution innovations which can exploit the latest
thinking in technology.
- Keeps up-to-date on emerging design and architecture methodologies and best practices.
- Recommends policies and goals that manage and assume risk for the technology functions under limited oversight.
- Develop Security Baseline to support existing Technology.
- Design security architecture elements to mitigate emerging threats
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
- Develop security strategy plans and roadmaps based on enterprise architecture best practices.
- Cascade and leverage security advisory control and practice to the entire company group
The ideal candidates will have skills and experience in many of the following:
Essential Skills & Prerequisites
- A positive, can-do attitude, who naturally expresses a high degree of empathy
- Bachelor or Master’s degree in Computer Engineering, MIS, IT or a related field.
- At least 3 years of experience in the computer security area
- Have a foundation in good information security practices.
- Knowledge of international security frameworks, standards, and guidelines, e.g., COBIT, NIST-800, ISO 27001, PCI-DSS, OWASP, etc.
- Knowledge of E2E security design including network, platform and application
- Experience in system and application security management and control.
- Experience in facilitating information security risk assessments.
- Strong cyber threat intelligence and information security experience in complex organizations.
- Previous penetration testing experience and familiarity with commonly used tools and tactics.
- Familiarity with cyber security threats, defenses, motivations and techniques.
- Familiarity with security concerns facing large enterprises.
- Experience with offensive security analysis tools and tactics.
- Experience performing open source research.
- Experience distilling raw information into actionable intelligence.
- Operational understanding of TCP/IP and computer networking. Knowledge of the functions of security technologies such as IPS/IDS, Firewalls, Security Information and Event Management tools, etc., is a plus.
- Familiarity with public cloud architectures and SOC operations that support public cloud operating models.
- Technical writing, documentation development, process mapping, and visual communication skills.
- Professional certificates related to work (CISSP, CISM, CISA, CRISC, CEH, Sec+, ISO 27001, PCI DSS, OSCP, CEH, GPEN or similar general security certification)
- Talent to identify and create a broad vision for a security solution and to execute it;
- Systems Thinking - the ability to see how parts interact with the whole (big picture thinking);
- Proven experience of acting as the expert in project teams.
PERSONAL SKILLS:
- Ability to explain your thoughts or findings also to non-technical professionals;
- Ability to convince doubters and naysayers that your concepts are relevant/important;
- Efficient communication and team-player skills;
- Strong problem solving and analytical abilities;
- Able to work under minimal supervision;
- Detail oriented;
- Excellent English (spoken and written).