Assistant Information Security Manager (Red Team)

Job Location: The Campus, Pun Hlaing Estate, Hlaing Thar Yar Township, Yangon.

Working Hours: 8:30 AM to 5:30 PM, (Monday to Friday)

Job Summary

Assistant Information Security Manager (Red Team) will be part of the Information Security team who will be responsible for assessing and strengthening the organization’s security posture through realistic adversarial simulations, security testing, and offensive security assessments. This role focuses on identifying security weaknesses across Wave Money’s digital assets, infrastructure, and applications and will play an important role in driving Information & Cyber Security transformation of Wave Money.

Key Responsibilities and Accountabilities

  • Lead and manage Red Team activities including adversarial simulations, penetration testing, and exploit development.
  • Develop and maintain Red Team strategy, methodologies, and annual testing roadmap aligned with organizational risks.
  • Design and execute realistic attack scenarios mapped to frameworks such as MITRE ATT&CK, tailored to Wave Money’s threat landscape.
  • Conduct penetration testing across applications, APIs, mobile, cloud, and on-premise environments.
  • Conduct or supervise advanced assessments such as social engineering tests, phishing campaigns, lateral movement exercises, and privilege escalation tests.
  • Perform exploit validation, verify severity ratings, and work with relevant teams to prioritize remediation.
  • Drive continuous improvement of vulnerability management processes and ensure tracking and closure within agreed SLAs.
  • Work closely with the Blue Team to share attack insights, improve detection rules, and test monitoring effectiveness.
  • Conduct red team exercises to help validate SIEM, EDR, and SOAR use cases and response workflows.
  • Provide clear post-engagement reports with technical details, impact analysis, and preventive measures.
  • Review infrastructure, application, and cloud security designs to identify architectural weaknesses.
  • Support secure SDLC activities by reviewing code deployments, CI/CD pipelines, and change requests from an offensive security perspective.
  • Evaluate third-party solutions and integrations for potential attack vectors.
  • Develop and maintain security guidelines, testing standards, security checklists, and other documentations.
  • Provide training, mentoring, and hands-on labs for junior team members.
  • Support organization-wide security awareness programs through controlled simulations and knowledge-sharing sessions.
  • Prepare reports for senior leadership on testing coverage, findings, attack simulation trends, and long-term improvements.

Key Performance and Success Indicators

  • Successful execution of planned penetration testing exercises within agreed timelines
  • Measurable improvement in detection coverage and reduction of undetected attack paths.
  • Timely reporting and effective communication of high-risk findings to stakeholders.
  • Strong collaboration outcomes with Blue Team, demonstrated by improved alert quality and lower false negatives.
  • Completion of vulnerability remediation activities within SLA and reduction in repeat findings.
  • Delivery of high-quality attack simulation documentation, including root-cause analysis and prevention recommendations.
  • Enhanced organization readiness through awareness programs, phishing simulations, and red/blue team exercises.

Experience, Functional Skills and Knowledge Areas

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or equivalent experience.
  • Offensive security certifications such as OSCP, OSWE, OSEP, CREST CRT/CPT or similar are highly advantageous.
  • 5–6 years of relevant experience in offensive security, penetration testing, or red team operations, along with a minimum of 2 years of experience leading or supervising a security testing or red team function.
  • Previous experience in financial services, fintech, telecommunications, or other high-risk sectors is a strong advantage.
  • Strong hands-on experience in web, API, and mobile application penetration testing, as well as infrastructure, network, and cloud environments (AWS/Azure).
  • Proficient in scripting with Python, Bash, and PowerShell, and experienced in exploit development.
  • Familiarity with frameworks and standards: MITRE ATT&CK, OWASP Top 10, OWASP MASVS, CIS Controls.
  • Proficiency with industry tools such as Burp Suite, Metasploit, Nmap, Kali Linux suites, and commercial security testing platforms.
  • Understanding of secure SDLC, CI/CD pipelines, and modern application architectures.
  • Strong analytical, reporting, and communication skills to articulate technical findings to both technical and non-technical stakeholders.
  • Able to work independently with strong problem-solving capabilities and attention to detail.

Benefits

– Attractive remuneration
– Life and medical insurance
-Ferry Provided

Highlights

– Myanmar’s First Mobile Financial Services Provider
– International Working Environment

Career Opportunities

– Growing organization
– Develop your career

More Opportunities

iOS developer
iOS developer

We are looking for an iOS developer responsible for the development and design of iOS applications. Your primary focus will be development of iOS applications, SDK to support other applications, and integration with back-end services.

Learn More
Senior Full Stack Developer
Senior Full Stack Developer

Senior Full Stack Developer is responsible to maintain existing web applications written in PHP, JavaScript, design and develop new ones while working together with Product Owners, following requirement specification documents closely and working under agile principles.

Learn More
Senior Officer, Business Assurance Reporting
Senior Officer, Business Assurance Reporting

Business Assurance Reporting Specialist will design, develop and improve data/dashboards related to Fraud Patterns/Complaints and help analyze, collect and process data/information in order to generate reports to develop the governance processes and systems.

Learn More
Product Manager (KYC Tribe)
Product Manager (KYC Tribe)

This role leads the KYC Tribe by owning the full customer verification lifecycle, from initial registration to the creation of a reusable Unique ID. The Product Manager is responsible for balancing a fast, high-converting onboarding experience with strict regulatory compliance and zero-tolerance fraud defense.

Learn More

Wavemoney © 2025. All rights reserved.Developed by B360

chat icon
900 (Atom Number)
097 9000 9000 (Non-Atom Number)
099 7782 7977 (For All Operator)