(A) Penetration Tester

- To perform penetration testing of web applications, API interfaces, mobile apps, source code, and network infrastructure (external & internal).

- To review configurations of hosts and databases.

- To prepare final penetration testing reports and provide detailed remediation guidance for findings.

- To conduct compliance assessments and vulnerability assessments.

- The position is based in Bangsar South for 1 year, post-project end.

Penetration testers should possess excellent computer skills, familiarity with hardware and network equipment, and programming skills to effectively identify vulnerabilities and recommend corrections.

• Certifications: OSCP, OSCE, CPENT, or equivalent.
• Deep knowledge of TCP/IP networking and application protocols.
• Understanding of software exploitation, vulnerabilities, port scanning, vulnerability assessment, and fuzzing tools.
• Knowledge of web technology protocols and OWASP Top 10, SANS 25 vulnerabilities.
• Experience with mobile app security testing and related APIs.
• Proficiency in scripting languages like Python.
• Knowledge of cryptography, security protocols, and penetration testing tools such as Metasploit.
• Understanding hardware exploitation techniques.
• Ability to conduct complex offensive security testing aligned with adversary tactics.
• Strong documentation skills for security issues and impacts.
• Ability to provide guidance on security remediation and collaborate with defensive teams.
• Capability to handle complex issues independently and contribute to process improvements.
• Experience with open-source penetration testing tools and emulating hacker tactics.
• Ability to develop scripts, tools, or methodologies to improve testing processes.

• Bachelor's degree in computer science, information systems, or equivalent experience.
• Experience with Penetration Testing tools like Burp Suite, Fortify, Metasploit, Wireshark, Kali Linux.
• Minimum 1 year industry experience.
• Knowledge of OWASP Top 10 vulnerabilities.
• Certifications such as OSCP, CREST CPSA, GWAPT, GPEN are advantageous.

- Salary range: RM3000-7000

- Minimum 1 year of experience; training provided.

- Year-end bonus based on performance.