Ascend Group Co., Ltd.

Security Advisory - Penetration Tester (True Money)

Ascend Group Co., Ltd.
Salary provided
Posted on 16 Oct 2020

Security Advisory - Penetration Tester (True Money)

Ascend Group Co., Ltd.

Job Highlights

  • Experienced in Penetration testing on
  • mobile application
  • Also responsible for Security Advisory to BU

Job Description

Security Advisory

Our Ascend vision is to create life opportunities with innovative digital services. We are blessed to be operating in ASEAN, where we are able to help one of the worlds largest populations of underbanked, the people from some of the poorest provinces who are disregarded by traditional banksSo many lives are waiting for our help.

In 2017, we served over 30 million customers in 6 countries (Thailand, Cambodia, Myanmar, Vietnam, Indonesia, Philippines), and processed over 4.5 billion USD. This makes us by far the largest fintech company in SE Asia, and growing quickly.

As a member of our esteemed Info Security and Governance team, you will be helping to bring this vision to reality by leveraging the most modern cloud-native technologiesAt Ascend, you will be part of a team who are directly responsible for improving the lives of millions.  

Penetration Tester 

A penetration tester creates scripts and uses knowledge and experience to find vulnerabilities in corporate networks, applications and internal systems. Penetration testers also use out-of-the-box applications that automate testing. The goal is to automate the hacking process, but testers can also manually make attempts to breach security. Once vulnerabilities are found, the penetration testers advise business managers how to better secure their systems. 

Key Responsibilities

  • Conduct Tests on Networks and Applications

o    Penetration testers shall perform security tests on networks, web-based, API and mobile applications, and computer systems.

o     The Penetration testers  shall design these tests and tools to try to break into security-protected applications and networks to probe for vulnerabilities.

o    These testers keep up with the latest methods for ethical hacking and testing and are always evaluating new penetration testing tools.

  • Conduct Security Audits

o    Penetration testers shall use testing methods to pinpoint ways that attackers could exploit weaknesses in security systems.

o    The Penetration testers shall conduct network and system security audits, which evaluate how well an organization’s system conforms to a set of established criteria.

  • Analyze Security Policies

o    make suggestions on security policy/baseline improvements, and work to enhance methodology material.

  •  Write Security Assessment Reports

o    After conducting thorough research and testing, penetration testers shall document their findings, write security reports, and discuss solutions with IT teams and management.

o    The penetesters also provide feedback and verification after security fixes are issued.

Security Advisory - Solution Architect

Key Responsibilities

  • Establish concepts for secure integration of systems/ networks, ensuring end- to- end security for data flows.
  • Anticipating possible security threats and identifying areas of weakness in the proposed system, a Security Architect must be proactive to highlight the possible breaches of security.
  • Reviewing security measures and recommending to implementing enhancements
  • Review and advise security solution architect for the proposed system such as: Network Segmentation, Application protection, Defense-in-depth, Remote Access, Encryption Technologies, Backup/Replication/Multiple Sites, Cloud/Hybrid/Multiple Cloud Vendors, Software Defined Networking, Network Function, Virtualization
  • Conducting security advisory and testing along the pipeline of the system delivery.
  • Design and develop the in-house security aided systems to improve security operations.
  • Conduct and manage Security Tools implementation project
  • Drive end-to-end solution architecture integrity and the functional relationship with other projects and/or applications
  • Develops solution conceptual designs and solution blueprints for IT projects
  • Investigate complex strategic business issues, researching and identifying innovative solutions
  • Review and approve functional specifications created by delivery project teams
  • Create and manage a technology roadmap that articulates the positioning, capabilities and features for enablement of delivery capability and document and manage the formal plan of record.
  • Contribute to the development of the Service Level Agreements (SLA), evaluate performance and outline investments and process improvements to meet or exceed SLA expectations.
  • Take part in projects to ensure the proposed/implemented architecture is in line with security requirements;
  • Experience Liaise within the corporate Enterprise Architecture Office and IT Infrastructure for standardization of best practices, editing of guidelines and design of reusable components.
  • Supports overall security plans on various topics such as approval, funding development and resource management.
  • Manages vendor relationships to maintain state of the art knowledge in emerging technologies and to speak to potential solution innovations which can exploit the latest thinking in technology.
  • Keeps up-to-date on emerging design and architecture methodologies and best practices.
  • Recommends policies and goals that manage and assume risk for the technology functions under limited oversight.
  • Develop Security Baseline to support existing Technology. 
  • Design security architecture elements to mitigate emerging threats
  • Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
  • Develop security strategy plans and roadmaps based on enterprise architecture best practices.
  • Cascade and leverage security advisory control and practice to the entire company group
  • The ideal candidates will have skills and experience in many of the following:

Essential Skills & Prerequisites

  • A positive, can-do attitude, who naturally expresses a high degree of empathy to others
  • Bachelor or Masters degree in Computer Engineering, MIS, IT or a related field.
  • At least 3 year experiences in computer security area
  • Have a foundation in good information security practices.
  • Knowledge of International Security frameworks, Standards, and Guidelines eg, COBIT, NIST-800, ISO 27001, PCI-DSS, OWASP, and etc.
  • Knowledge of E2E security design including network, platform and application
  • Experience in system and application security management and control.
  • Experience in facilitating information security risk assessments.
  • Strong cyber threat intelligence and information security experience in complex organizations.
  • Previous penetration testing experience and familiarity with commonly used tools and tactics.
  • Familiarity with cyber security threats, defenses, motivations and techniques.
  • Familiarity with security concerns facing large enterprises.
  • Experience with offensive security analysis tools and tactics.
  • Experience performing open source research.
  • Experience distilling raw information into actionable intelligence.
  • Operational understanding of TCP/IP and computer networking. Knowledge of the functions of security technologies such as IPS/IDS, Firewalls, Security Information and Event Management tools, etc a plus.
  • Familiarity with public cloud architectures and SOC operations that support public cloud operating models.
  • Technical writing, documentation development, process mapping, and visual communication skills.
  • Professional certificates related to work (e.g. CISSP, CISM, CISA, CRISC, CEH, Sec+, ISO 27001, PCI DSS, OSCP, CEH, GPEN or similar general security certification) is desirable
  • Talent to identify and create a broad vision for a security solution and to execute it;
  • Systems Thinking - the ability to see how parts interact with the whole (big picture thinking);
  • Proven experience of acting as the expert in project teams. PERSONAL SKILLS: Ability to explain your thoughts or findings also to non- technical professionals;
  • Ability to convince doubters and naysayers that your concepts are relevant/ important;
  • Efficient communication and team- player skills;
  • Strong problem solving and analytical abilities Able to work under minimal supervision;
  • Detail oriented;
  • Excellent English (spoken And Written).

Additional Information

Career Level
Not Specified
Not Specified
Years of Experience
Not Specified
Job Type
Full Time, Permanent

Company Overview

About Ascend Group

Ascend Group is more than just a family of tech companies: it’s being part of the change to create opportunities for millions of lives and businesses through world-class digital platforms and services in Southeast Asia. At the heart of all Ascenders is the passion to unleash the power of technology to uplift the standards of living and businesses. To us, technology is the means we solve the problems people and businesses face each day, and enable us to disrupt the way we live, enjoy and thrive today and into the future.

Ascend Group comprises of several affiliated businesses with reputable brands on the market:

Ascend Money:Fintech & E-Payment

  • TrueMoney
  • Ascend Nano 

Ascend Commerce:E-Commerce / E-Procurement /Fulfillment

  • WeLoveShopping
  • WeMall
  • WeFresh
  • Pantavanij
  • Ascend Travel
  • Egg Digital 
  • Aden

Digital Enablers:Data Center & Cloud Service Provider

  • TrueIDC

If you want to be part of the change to transform our region towards brighter tomorrows, we welcome you to apply and join our team today! Apply now for the opportunity to be proud in having a truly meaningful and rewarding career that awaits you. 


  • Five-day work week
  • Flexible working hours
  • Life insurance
  • Medical insurance
  • Performance bonus
  • Provident Fund    

Additional Company Information

Benefits & Others
Dental insurance, Five-day work week, Flexible working hours, Gratuity, Life insurance, Medical insurance, Performance bonus, Travel allowance, Work from home