Penetration Tester (DSC/JH)

Company description:

ST Engineering Info-Security Pte Ltd

Job description:

We are seeking an experienced Penetration Tester to join our team. The successful candidate will have expertise in cloud security, penetration testing, and vulnerability assessment. The role involves identifying and exploiting vulnerabilities in cloud-based systems, applications, and infrastructure to help our organization strengthen its cloud security posture.

Responsibilities:

1. Conduct cloud penetration tests and vulnerability assessments to identify security weaknesses
2. Design and implement custom exploits to test cloud security controls
3. Analyze cloud security configurations and identify misconfigurations
4. Develop and maintain cloud security testing tools and scripts
5. Collaborate with development teams to implement secure coding practices
6. Provide detailed reports and recommendations for remediation
7. Stay up-to-date with emerging cloud security threats and technologies
8. Conduct vulnerability assessments and penetration tests on networks, web applications, mobile applications, wireless systems, clouds, and IoT
9. Perform host configuration review of OS, applications, and networks
10. Perform source code review
11. Perform security analysis on vulnerabilities
12. Prepare comprehensive reports documenting findings
13. Deliver presentations to customers
14. Keep abreast of new developments, emerging threats, and vulnerabilities in cybersecurity practices and technologies.

Requirements:

1. 3+ years of experience in cloud security, penetration testing, or a related field
2. Understanding of cloud platforms (AWS, Azure, and GCP)
3. Experience with cloud security tools and technologies is preferred
4. Proficiency in programming languages (e.g., Python, Bash)
5. Familiarity with vulnerability scanners and penetration testing frameworks (e.g., Nmap, Nessus, Metasploit)
6. Possess one (or more) of the following Security certifications (would be an added advantage):

1. Offensive Security Certified Professional (OSCP) certification
2. CREST Registered Penetration Tester (CRT)
3. GIAC Cloud Penetration Testing (GCPN) is preferred

Candidates with 5 years or more experience will be considered for the Senior Consultant position who can lead projects.

1. Ability to collaborate with team members, execute tasks effectively and independently
2. Strong analytical and problem-solving skills
3. Possess good communication, interpersonal, and reporting skills

Preferred Skillset:

1. Experience with DevOps and continuous integration/continuous deployment (CI/CD) pipelines
2. Knowledge of cloud security compliance frameworks (e.g., PCI-DSS, HIPAA)
3. Familiarity with containerization (e.g., Docker) and serverless computing

Work location: Jurong East