Senior Penetration Tester

The Senior Penetration Tester is responsible for planning, executing, and leading penetration testing engagements to identify security vulnerabilities across networks, applications, systems, and cloud environments.

• Lead and perform penetration testing activities including web application, network & infrastructure, API, and cloud environments.
• Conduct black-box, grey-box, and white-box testing.
• Identify, exploit, and validate security vulnerabilities using manual and automated techniques.
• Develop clear, accurate, and actionable penetration test reports, including proof of concept (PoC), impact analysis, and remediation recommendations.
• Present findings to clients, management, and technical teams.
• Review and validate findings from junior pentesters.
• Provide technical guidance and mentoring to junior team members.
• Support red team exercises, vulnerability assessments, and security audits.
• Stay current with the latest threats, vulnerabilities, tools, and attack techniques.
• Assist in improving internal testing methodologies, tools, and documentation.
• Ensure testing activities comply with legal, regulatory, and contractual requirements.

• Strong knowledge of TCP/IP, DNS, HTTP/HTTPS and network architecture and security controls.
• Hands‑on experience with tools such as OWASP ZAP, SQLmap, Nikto.
• In-depth understanding of OWASP Top 10.
• Experience with scripting/programming (at least one language).
• Familiarity with cloud security (AWS, Azure, GCP) is an advantage.

• Minimum 4–6 years of hands‑on penetration testing experience.
• Proven experience leading penetration testing engagements independently.
• Strong report writing and communication skills.
• Bachelor’s degree in Computer Science, IT, Cybersecurity, or equivalent experience.
• Relevant certifications (one or more preferred): OSCP / OSEP / OSWE, CEH / CEH Master, GPEN / GWAPT / GXPN, CREST (CRT, CCT).

Interested applicants, kindly send your resume in MS WORD format to ref4@trustrecruit.com.my or click on “Apply Now” and provide the required details in your resume. We regret only shortlisted candidates will be notified.

Agensi Pekerjaan Trust Recruit Sdn Bhd is committed to safeguarding your personal data in accordance with the Personal Data Protection Act (PDPA). Please read our privacy statement on our corporate website www.trustrecruit.com.my.