Specialist, Red Teaming

Specialist, Red Teaming based in Kuala Lumpur. Our client is a prominent player in Malaysia's Fintech industry, known for driving digital innovation and financial solutions.

• This is a Specialist role in Red Team/Offensive Security to join our Tech Division’s IT Security team.
• This is a highly technical role, responsible for proactively identifying security weaknesses across the organization’s systems through simulated attacks, vulnerability assessments, and deep-dive testing of enterprise infrastructure and applications.
• Must possess strong penetration testing, reverse engineering, and security research skills, with a proven track record in testing mobile apps, web applications, APIs, networks, and operating systems.
• Plan and perform regular security tests, monitoring and assessments on both frontend and backend applications (mobile apps).
• Plan and perform regular reviews of backend API/web services.
• Perform regular vulnerability assessments across all enterprise IT assets.
• Conduct host configuration reviews on existing operating systems (servers/network devices).
• Articulate and report discovered vulnerabilities in concise manner.
• Work closely with respective stakeholders to identify appropriate remediation.
• Engage third-party vendors to perform regular application penetration tests and facilitate security assessments.
• Work closely with Risk team to ensure regular source code security reviews are performed and reported.
• Follow up on application vulnerabilities until closure, working with development and QA teams to ensure timely remediation.
• Plan and perform out-of-the-box security assessments against enterprise infrastructure to identify security gaps.

• Bachelor’s degree in Computer Science, Information Security, or related technical field.
• Minimum 5–7 years of hands-on experience in red teaming, penetration testing, or offensive security roles.
• Strong technical expertise in:
• • Web and mobile app penetration testing (frontend/backend)
  • API and web service security testing
  • Mobile app (Android/iOS) reverse engineering and testing tools (e.g., Frida, Burp, MobSF)
  • OS and network-level assessment (Windows, Linux, network devices)
  • Secure SDLC, DevSecOps integration, and code scanning familiarity
  • Excellent scripting and automation skills (e.g., Python, Bash, PowerShell)
  • Prior experience in writing custom tools, exploits, or testing modules
  • Strong reverse engineering skills for binaries or mobile apps
  • Experience with CTF competitions, bug bounty, exploit development or security research publication is a plus
  • Ability to think outside the box, emulate real-world attacks, and identify unknown unknowns
  • Offensive Security Certified Professional (OSCP) and/or OffSec OSWE, OSEP, or OSED
  • GIAC GPEN, GWAPT, GMOB, GXPN
  • Mobile Application Security Certification
  • Forensic-related certification will be a plus

• Strong Brand & Industry Reputation
• Modern Office & Facilities
• Tech-Focused & Impact-Driven Work
• Close to Public Transport LRT