Who is Casaba?
Casaba Security is a cybersecurity consulting firm based in Malaysia, with an office in Hong Kong. The term cybersecurity encompasses the entire technology stack we use daily, from services and components to raw data. From the mobile device in your pocket, to the desktop software and cloud services you use every day, to the mission-critical systems that power our lives, Casaba has been there to design and test security.
What kind of work does Casaba do?
We are security advisors, engineers, and testers. From threat modeling and penetration testing to writing secure code, there are many aspects of the niche focus we call security that occur daily. We at Casaba work on long-term engagements to build and execute security programs for our clients, and on short-term engagements that may span a few days or a few weeks, such as investigating a new cloud service, video game, mobile platform, or retail outlet. There is considerable variety in this work, and while cybersecurity encompasses many niches, some general technical knowledge is required.
Positions and Job Description
We have immediate openings for junior, senior, and principal security consultants. This is your opportunity to be as resourceful as you want, develop your skills, and learn from and contribute to leading software development and security testing efforts. Casaba offers competitive salaries, profit sharing, medical benefits, and a terrific work/life balance. Casaba Security is an equal opportunity employer.
Do you like finding bugs in code? Have you built fuzzers, searched source code for vulnerabilities, or spotted defects in software designs? Do the terms threat modeling, buffer overflow, race condition, cross-site scripting, or SQL injection mean anything to you? Do you enjoy reverse-engineering malware or testing protocols? Can you discuss the security implications of router misconfigurations? Do you enjoy scanning and mapping networks, building tools to automate penetration testing, or other tasks? If so, then we have a job for you.
Do not worry if your security skills are not as sharp as you would like them to be. If you have a background in network administration, systems administration, or software development, we would like to speak with you. If you have aptitude in the aforementioned areas, we can teach you the skills needed to perform the security testing we conduct for clients. This is an excellent opportunity if you have been wanting to break into the security industry.
Desired Skills & Experience
You should have strong skills in some of the following areas:
· Web application development and deployment
· .NET framework, ASP.NET, AJAX, JSON, and web services
· Application development
· Mobile development (Android, iOS, etc.)
· Debugging and disassembly
· Operating system internals (Linux, Windows, etc.)
· Cloud services (AWS, Azure, etc.)
· Networking (protocols, routing, addressing, ACLs, etc.)
If you have a development background, you should be proficient in at least one programming language. We do not have any hard and fast requirements, but we often use and encounter:
· JavaScript
· C/C++
· C#/.NET
· Go
· Objective-C, Swift
· Java, Kotlin, Scala
· Assembly
Of course, having skills in any of the following areas is a definite plus:
· Web application security
· Source code analysis
· Malware and reverse engineering
· Cryptography
· Networking protocols
· Cloud security
· Database security
· Security Development Lifecycle (SDL)
· PCI Data Security Standard (PCI DSS), HIPAA, ISO 27001, or Sarbanes-Oxley
· Vulnerability assessment
· Network penetration testing
· Physical security
It is also a plus if you have strengths and experience in:
· Clear and confident oral and written communication skills
· Security consulting
· Project management
· Creative and critical thinking
· Music composition
· Cake baking and/or pie creation
Additional Information
Employment Type : Full-time
Functions : Consulting
Industries : Computer & Network Security
Compensation : Competitive salary + profit sharing
Travel : Occasional travel may be required. We pay regular bonuses to all employees and reward them based on performance, white papers, tool development, speaking engagements, and contributions to recruiting.
