Cybersecurity Threat Management Support Consultant
Beijing
- Organization: AIIB - Asian Infrastructure Investment Bank
- Location: Beijing
- Grade: Consultancy - Consultant - Contractors Agreement
- Occupational Groups:
  - Information Technology and Computer Science
  - Security and Safety
- Closing Date: Closed
- Application close date: 09/22/2024
1. Project Background
The Asian Infrastructure Investment Bank (AIIB) is a multilateral development bank whose mission is financing Infrastructure for Tomorrow - infrastructure with sustainability at its core. As AIIB continues to grow, the number of Bank personnel is increasing and more business applications are being developed and deployed, so higher cybersecurity maturity and compliance are required. As a result, we need a cybersecurity operations program that integrates more advanced technologies to meet these requirements. This program will also make the Bank's digital workspace more resilient to the modern threat landscape and to the advanced technologies leveraged by threat actors.
2. Objectives of the Assignment
The qualified Cybersecurity Threat Management Support Consultant will focus on holistic threat management, including system security assessment, remediation, and operationalizing the exercises, as well as diligently exploring and discovering security exposures and attack paths from both external and internal sources within the Bank. This role involves managing attack and defense exercises and operationalizing the cybersecurity program. The consultant will play a crucial role in strengthening the Bank's cybersecurity posture and ensuring the protection of the digital workplace and business applications.
3. Scope of Services
1. Threat Management:
   - Conduct comprehensive assessments to identify and evaluate security exposures and attack paths.
   - Develop and implement remediation plans to mitigate identified threats.
   - Continuously monitor and assess the security landscape for emerging threats.
2. Security Exercises:
   - Plan, manage, and execute attack and defense exercises to test the Bank's security posture.
   - Analyze results and provide recommendations for improvements.
   - Operationalize the attack and defense program by developing and implementing security requirements, procedures, and best practices.
   - Collaborate with teams to integrate the attack and defense exercises into the Bank's security operations.
3. Ethical Hacking and Penetration Testing:
   - Perform regular and on-demand ethical hacking and penetration testing to identify security weaknesses.
   - Conduct risk assessments to prioritize remediation efforts.
4. Hacking Lab Management:
   - Set up and maintain a controlled environment for conducting simulated attacks and defensive exercises, including configuring networks, systems, and applications to mimic real-world scenarios.
   - Continuously evaluate and improve the performance of the hacking lab infrastructure, and keep up with cutting-edge security technology developments.
5. Other agreed cybersecurity-related assignments:
   - Perform other duties and responsibilities as assigned or required.
4. Consultancy Output / Deliverables
• Established and continuously improving attacking and defending exercise program including the plan and schedule, as well as the detailed design of each exercise.
• Completed exercises with detailed reports.
• Penetration tests and reports with remediation recommendations.
• Threat analysis and applicable research documentation.
• Cybersecurity system technology design, implementation, and support documentation.
• Project delivered with all the required project management documentation.
• Other agreed cybersecurity related deliverables.
5. Implementation Arrangement
N/A
6. Support to the Consultant by the Bank
N/A
7. Knowledge Transfer and Training
N/A
Qualification Requirement
• Proven domain expertise in offensive security subjects with intensive hands-on experience.
• Knowledge of security protection for digital workspace, hybrid cloud and business applications such as Microsoft 365, Azure, AWS, VMware, SAP, etc.
• Knowledge of security and monitoring products such as firewall, EDR, IDS/IPS, Sandbox, Anti-Malware, SIEM, CSPM, DLP, etc.
• Familiar with popular operating systems such as Windows, Linux, macOS, etc.
• Familiar with popular programming languages such as Python, Go, JavaScript, PowerShell, Unix Shell, SQL, etc., as well as low-code development platforms.
• Bachelor's degree or higher in Computer Science, Information Technology, Computer Programming, Information Security, etc. Equivalent combination of education and experience is acceptable.
• At least three (3) years' experience in cyber security ethical hacking, penetration testing, red team operation, and/or cyber security engineering.
• OSCP certification, CEH, or equivalent is a plus.
• Results-driven, with attention to detail and a passion for cyber security.
• Excellent problem-solving and analytical skills, with the ability to quickly identify security issues and propose security solutions.
• Self-starter with the ability to work both independently and as a team player.
• Must be able to brainstorm with technical and non-technical personnel, thrive in a collaborative team environment, and quickly adapt to change.
• Must be able to write thorough, concise, and user-friendly documentation in English.
• Strong interpersonal communication skills in English, both verbal and written.
• High degree of diplomacy, integrity, and tact.