Specialist, Red Teaming

TNG Digital

Kuala Lumpur

On-site

MYR 150,000 - 200,000

Full time

2 days ago

Job summary

A leading Fintech organization in Kuala Lumpur is looking for a Security Analyst to conduct security testing on mobile and web applications. The ideal candidate will have at least 5 years of experience in offensive security roles, with strong skills in penetration testing, vulnerability assessment, and familiarity with secure coding practices. Certifications like OSCP are highly valued. The role offers flexible working hours and various benefits including medical coverage and allowances.

Benefits

Flexi working hours
Monthly eWallet allowance
Unlimited office pantry fruits, snacks and drinks
Mobile and broadband subscription reimbursement
Additional leave for family care

Qualifications

  • Minimum 5–7 years of experience in red teaming or offensive security roles.
  • Familiarity with Secure SDLC and DevSecOps integration.
  • Must have Offensive Security Certified Professional (OSCP) or equivalent certifications.

Responsibilities

  • Plan and perform regular security tests on frontend and backend applications.
  • Conduct vulnerability assessments across all enterprise IT assets.
  • Engage third party vendors for application penetration tests.

Skills

Web and mobile app penetration testing
API and web service security testing
Scripting and automation skills (Python, Bash, PowerShell)
Reverse engineering skills
Experience with CTF competitions and bug bounty

Education

Bachelor's degree in Computer Science

Tools

Burp Suite
Frida
MobSF

Job description

We fuel the ideas and ambitions of our people with an environment built on Our DNA of Love, Entrepreneurship, Agility, and Passion – LEAP!

We are a culture that empowers everyone to innovate and create solutions that will leave a positive impact on our communities and our nation. Touch ‘n Go will always be here to inspire our talents to grow as leaders and innovators, giving you the power to make a difference.

What would you do?

Responsible for planning and performing regular security tests, monitoring and assessments on both frontend and backend applications (mobile apps).

Responsible for planning and performing regular reviews of backend API/web services.

Responsible for performing regular vulnerability assessments across all enterprise IT assets.

Responsible for conducting host configuration reviews on existing operating systems (servers/network devices).

Responsible for articulating and reporting discovered vulnerabilities in a concise manner.

Responsible for working closely with the respective stakeholders to identify the appropriate remediation.

Responsible for engaging third-party vendors to perform regular application penetration tests and facilitate security assessments.

Work closely with the Risk team to ensure regular source code security reviews are performed and reported.

Responsible for following up on any application vulnerabilities until closure.

Work closely with the development and QA teams to ensure vulnerabilities are closed in time.

Plan and perform out-of-the-box security assessments against enterprise infrastructure to identify existing security gaps.

Who should join us?

Bachelor’s degree in Computer Science, Information Security, or related technical field.

Minimum 5–7 years of hands-on experience in red teaming, penetration testing, or offensive security roles.

Strong technical expertise in:

Web and mobile app penetration testing (frontend/backend)

API and web service security testing

Mobile app (Android/iOS) reverse engineering and testing tools (e.g., Frida, Burp, MobSF)

OS and network-level assessment (Windows, Linux, network devices)

Secure SDLC, DevSecOps integration, and code scanning familiarity

Excellent scripting and automation skills (e.g., Python, Bash, PowerShell).

Prior experience in writing custom tools, exploits, or testing modules.

Strong reverse engineering skills for binaries or mobile apps.

Experience with CTF competitions, bug bounty, exploit development or security research publication is a plus.

Must be able to think out of the box, emulate real-world attacks, and identify unknown unknowns.

Offensive Security Certified Professional (OSCP)

OffSec OSWE, OSEP, or OSED

GIAC GPEN, GWAPT, GMOB, GXPN

Mobile Application Security Certification Forensic related certification will be a plus.

Flexi working hours.

Monthly eWallet allowance.

Additional 1% employer EPF contribution from your 1st to 3rd year of service, with further increases based on your continued years of service.

Unlimited office pantry fruits, snacks and drinks.

Mobile and broadband subscription reimbursement.

Flexibility to opt for dependants' coverage (spouse, child, parents or parents-in-law) for outpatient medical benefits.

Additional leave including family leave and paid care leave to care for family members.

Medical coverage including dental, optometrist, mental care, maternity, registered Traditional Chinese Medicine (“TCM”) and Chiropractic.

Corporate membership discount and many more to explore.

We believe that you have what it takes to fit into the Touch ‘n Go family and help revolutionize the Fintech industry by paving the way to a cashless society. If you're ready to take the next step, apply now!

Touch ‘n Go is an organization that strives to provide Equal Opportunity Employment, based on merit, qualifications, capabilities, and calibre. It is Touch ‘n Go’s policy to not discriminate based on age, race, religion, colour or other personal status, identity or characteristics. Fair Opportunity is Our Value and Practice. Please advise us of any accommodations you may need by e-mailing: ********@tngdigital.com.my

Note: Only shortlisted candidates will be contacted.
