
PENETRATION TESTER

Bateriku

Shah Alam

On-site

MYR 70,000 - 90,000

Full time

3 days ago

Job summary

A cybersecurity firm in Shah Alam, Malaysia, is seeking a professional to perform source code security reviews and assess risks related to various programming languages. The ideal candidate will conduct server assessments, produce detailed audit-grade deliverables, and collaborate with developers to validate security fixes. Knowledge of industry standards and collaboration skills are essential for success.

Qualifications

  • Experience in performing source code security reviews in various languages.
  • Ability to conduct server and OS hardening assessments.
  • Knowledge of risk assessment methodologies for software components.

Responsibilities

  • Perform source code security reviews to find vulnerabilities.
  • Assess risks related to Node.js and provide improvement recommendations.
  • Collaborate with teams to validate fixes and employ remediation.

Skills

  • Source code security review
  • Risk assessment
  • Security hardening
  • Testing scenarios
  • Technical findings documentation
  • Collaboration with developers
  • Automation for testing

Job description

  • Perform source code security reviews (Java/.NET/Python/Node.js/Go/etc.) to find logic flaws, authentication/authorization bugs, injection risks, insecure deserialization, secrets in source, crypto misuse, and insecure third-party libraries.
  • Assess Node.js runtime and package-related risks (dependency chain vulnerabilities, unsafe native modules, environment variable/secret handling, npm/yarn lockfile issues), and recommend SCA/SBOM improvements.
  • Conduct server and OS hardening assessments, privilege escalation analysis, and persistence technique discovery.
  • Run authenticated and unauthenticated test scenarios; produce reproducible exploits or proof-of-concepts where safe and permitted.
  • Produce audit-grade deliverables: executive summary, technical findings, impact/risk ratings, CVSS mapping, step-by-step exploitation evidence, and prioritized remediation guidance suitable for PCI-DSS and ISO27001 audits.
  • Collaborate with developers and infra engineers to validate fixes and re-test remediations.
  • Design and maintain internal pentest methodologies, checklists and playbooks aligned to PCI-DSS (e.g. its penetration testing requirements) and ISMS controls (ISO 27001 Annex A).
  • Participate in threat modelling, secure code training, and vulnerability triage sessions.
  • Keep pentest tooling, scripts, and knowledge up to date, and contribute to automation for repeatable testing (CI/CD scans, SCA, DAST, SAST pipelines).
  • When required, coordinate with Approved Scanning Vendors (ASVs), QSAs, or external auditors for compliance validation.