Jump to content
OpenSecurity.global
  • Recently Browsing   0 members

    No registered users viewing this page.

Sign in to follow this  
Rami Shaath

Eradah Capital in Dubai | New Digital Bank | Multiple Positions

Recommended Posts

DISCLAIMER - I don't work for, or endorse  this job posting.  However, I know the CISO well and is on a look out for awesome talent to build unique services in the region. 

if you are interested, reach out to him directly. (see below)  

 

Quote

If you are an Information Security & Cyber Security evangelist and willing to work for new digital bank; I got three open positions for hiring as part of my team (read the *important note* below so not to be eliminated):

- Head of Information Security Program

- Head of Identify & Access Management

- Security Operation Center & Threat Intelligence Manager

*Important note*: • Please spare me from your resume/profile in case no experience on above mentioned positions

  1. At least 7+ years of experience in similar field
  2. Financial sector experience profiles which will be prioritized
  3. Experience with Cloud platforms (Azure, AWS, etc.) along with hands-on skills
  4. Profiles not satisfying above will be disregarded

 

https://www.linkedin.com/posts/hussain-alkhalsan-ciso-65ab76a_ladies-gentlemen-if-you-are-an-information-activity-6565933167730098176-smFd

Share this post


Link to post
Sign in to follow this  

  • Members online now

    No members to show

  • Similar Content

    • By Salaheldin A.
      OSINT Tools collections:
      Verification Toolset : https://start.me/p/ZGAzN7/verification-toolset
      Mapping & Monitoring : https://start.me/p/7k4BnY/mapping-monitoring
      Tools: https://start.me/p/Wrrzk0/tools
      Search Engines:  https://start.me/p/b56G5Q/search-engines
      Social Media Dashboard : https://start.me/p/m6MbeM/social-media-intelligence-dashboard
      Threat Intel, OSINT and malware investigation resources : https://start.me/p/rxRbpo/ti
      AML Toolbox : https://start.me/p/rxeRqr/aml-toolbox
      Technisette collection  : https://start.me/p/wMdQMQ/tools
      Ph055a collection  : https://github.com/Ph055a/OSINT-Collection
    • By Rami Shaath
      Source: https://www.welivesecurity.com/2019/09/09/backdoor-stealth-falcon-group/
      Interesting... some overlap and use of RU infrastructure.. 
      Curious, has anyone found the SHA256 eqv of the SHA-1 (Yea.. I know) mentioned in the article?  Just hashes would suffice. 
    • By Dan Miles
      Heyo,
      I'm looking to get my hands on any known good open sources / repos  / pastebins of MageCart IOCs that are out there?
    • By Dean O'Neill
      Actual Job Posting BTW in Dublin, Ireland
      so when it comes to fast intelligence gathering of a company its pretty straight forward, there Security team may have "AMAZING" OPSEC (operational security) but every company have one huge issue, and that is how they recruit new people whether by internal HR departments or by hired recruiting teams. These teams need to display the required skills which both unfortunately and fortunately mean a lot of details are put up regarding systems and infrastructure. 
      Bellow is a posting for a IT Onsite Deskside Engineer for a prominent company who has a heavy hand in Information security (NO I WONT DROP THE NAME)

      But from this post we can clearly see some very important details, some of which I have marked in Yellow and list them with reasons bellow.

      1 - Dublin = we now have the location to look for when attacking these systems 
      2 - Datacenter Equipment = so they are running a large network or possible a WAN based network
      3 - Win 7 and Win 10 = Ok so we know what OS we will be looking at
      4 - MS Office = so we know if we are sending a phishing campaign we know what document type that will be normal to them
      5 - Desktops/Printers/Handhelds = Now we know they have multiple different devices belonging to the company in the location. 
      6 - Active directory = well we know they defiantly have a Target Goal on site
      7 - SMS/WebEX/LiveMeeting = ok now we have services we can use to spear phish with 
      8 - Handheld = Blackberry, Andriod and IOS = now we know the attack surface for the mobile devices for making malicious apps 
      9 - A+, CCNA, MCTS = we now know the skill level required, windows based servers being used and with the CCNA required there is a high chance they are using Cisco based systems
      10 - Experience / Degree = now we know the base level of education/experience the team maybe working with
       
      So I know there is a lot more here, but as I said above QUICK post above. So now we have some solid intelligence to hand over to our RedTeam or for us to build our own attack vectors.
      so I hope this quick write up will give you a few ideas, if you need advice or have any questions regarding the above post feel free to ask, im happy to answer them 🙂
       
×
×
  • Create New...

Important Information

We use cookies as we're cookie monsters. Privacy Policy