- To perform pen testing of web applications
- To perform pen testing of API interfaces
- To perform pen testing of mobile apps
- To perform pen testing of source code
- To perform pen testing of network infrastructure (external & internal)
- To perform configuration review of hosts and databases
- To perform pen test final reports and provide detailed remediation guidance for findings
- To perform compliance assessments
- To perform vulnerability assessments
1 year to be based in Bangsar South after the project ends.

Penetration testers need excellent computer skills, familiarity with computer hardware and network equipment, and programming skills. These skills help them identify vulnerabilities effectively and determine how to correct security issues.
Requirements:
Candidates should possess certifications:
Offensive Security Certified Professional (OSCP)
Offensive Security Certified Expert (OSCE)
Certified Penetration Testing Professional (CPENT)
In-depth knowledge of TCP/IP networking and application protocols concepts.
Understanding of software exploitation and common vulnerabilities.
Understanding of port scanning, vulnerability assessment, and fuzzing tools.
Knowledge of protocols associated with web technologies.
Understanding of OWASP Top 10 and SANS 25 vulnerabilities and their mitigations.
Knowledge of security testing of mobile apps and related APIs.
Proficient with one of the scripting languages (e.g., Python).
Knowledge of cryptographic and security protocols.
Understanding of penetration testing tools like Metasploit; able to write auxiliary modules and code exploits.
Knowledge of hardware exploitation techniques (e.g., firmware reverse engineering).
Conduct highly complex offensive security testing consistent with known adversary tactics, techniques, and procedures and contribute to the development of objectives and approaches taken to remediate risk.
Documentation of security issues and impacts identified through offensive security testing in a clear and concise manner to facilitate reporting to impacted stakeholders/organizations.
Provide guidance and recommendations to stakeholders responsible for security remediation actions to close identified gaps, remediation validation testing, and to reduce the risk to an accepted minimal level.
Consult with defensive operations teams on adversary tactics to guide and mature cyber defensive countermeasures.
Independently handle complex issues with minimal supervision, while escalating only the most complex issues to appropriate staff.
Assist in scoping and executing prospective engagements.
Understand and safely use various open-source penetration testing tools and, when appropriate, emulate hacker tactics, techniques, and procedures.
Develop comprehensive and accurate reports and presentations for various consumers of penetration testing results.
Between assessments, you will be expected to improve any existing processes, develop tools, and potentially find new clients and prospective hires.
Develop scripts, tools, or methodologies to enhance MSI's penetration testing processes.
Qualifications:
Bachelor's degree, preferably in computer science or information systems, or equivalent work experience.
Capable of using penetration testing tools like Burp Suite, Fortify, Metasploit, Wireshark, and Kali Linux.
Minimum 1 year of industry experience.
Capable of working with the OWASP Top 10 security vulnerabilities.
Certifications such as OSCP, CREST CPSA, GWAPT, GPEN, and others are an added advantage.
Salary: RM3000-7000
Experience: Minimum 1 year
Training: Will be provided
Bonus: Year-end bonus subject to performance review.