Security Analyst & Penetration Tester (CREST-Certified Preferred)

Security Analyst & Penetration Tester (CREST-Certified Preferred)

Conduct technical penetration tests across web applications, mobile apps, APIs, internal/external networks, and cloud environments (AWS, Azure, GCP).

Perform vulnerability assessments and red teaming exercises for clients in financial services, healthcare, and critical infrastructure.

Deliver detailed, actionable reports with risk ratings, technical findings, remediation guidance, and executive summaries.

Support the development of our automated security validation platform by feeding real-world attack patterns into detection logic.

Participate in incident response engagements and post-breach forensic analysis as needed.

Collaborate with developers and DevOps teams to embed secure practices (Shift-Left Security).

Maintain up-to-date knowledge of the latest attack vectors (e.g., OWASP Top 10, MITRE ATT&CK) and defensive countermeasures.

Assist in achieving and maintaining compliance with standards such as ISO 27001, SOC 2, PDPA, and MAS TRM.

Mentor junior analysts and contribute to internal security research and tooling.

Required Qualifications & Skills

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field.
• Minimum 3 years of hands-on experience in penetration testing and vulnerability assessment.
• CREST Certified Penetration Tester (CRT) or CREST Registered Penetration Tester (CPT) – mandatory preferred; applicants actively pursuing certification will be considered.
• Hold one or more of the following certifications:
• OSCP (Offensive Security Certified Professional) – highly valued
• Strong understanding of:
• Web and mobile application security
• Network protocols and firewall bypass techniques
• Identity & access management (IAM), API security
• Solid scripting skills (Python, Bash, or PowerShell) for automation and custom exploit development.
• Familiarity with Singapore-specific regulatory frameworks: PDPA, MAS TRM, CSA Essential Cyber Hygiene.

Preferred Attributes

• Experience conducting assessments for Financial Institutions -regulated entities or government agencies.
• Participation in bug bounty programs (HackerOne, Bugcrowd) with proven track record.
• Knowledge of cloud-native architectures and containerized environments (Docker, Kubernetes).
• Experience with adversary simulation or purple teaming.
• Active contributor to cybersecurity communities (blogs, CTFs, conferences).

• Competitive salary (RM80,000 – RM130,000, based on experience and certification)
• Full support for certification renewals and advanced training (e.g., OSCE, CRTO, GXPN)
• Flexible working hours and hybrid work model
• Opportunities to lead high-impact client engagements and shape the security offering
• Sponsorship for CREST membership and international accreditations

We take quality seriously. Shortlisted candidates will undergo:

• Technical screening (skills verification)
• Practical penetration testing challenge (scoped lab environment)
• Interview Head of Security

Note: All candidates must pass a background check. Prior consultancy or MSSP experience is advantageous.