Junior Consultant (Penetration Tester & GRC)

DACTA SG PTE. LTD.

Singapore

On-site

SGD 60,000 - 90,000

Full time

Today

Job summary

A cybersecurity consulting firm in Singapore seeks candidates for a role focusing on Vulnerability Assessment and Penetration Testing (VAPT). Responsibilities include conducting security assessments across mobile apps and cloud environments, supporting GRC activities, and performing thorough source code reviews. Successful candidates will manage security projects and produce detailed technical reports, while staying current with industry standards to ensure compliance and provide risk management solutions.

Qualifications

  • Candidates should have experience with GRC and penetration testing.
  • Proficiency in conducting VAPT across various platforms is required.
  • Knowledge of static/dynamic analysis tools for mobile security testing.

Responsibilities

  • Conduct end-to-end VAPT across multiple environments.
  • Support GRC activities including risk assessments and policy reviews.
  • Manage security projects addressing cybersecurity risks.

Skills

GRC skills
Penetration testing
Vulnerability Assessment
Mobile security testing
Source code reviews
Risk prioritization
Technical reporting

Tools

MobSF
Frida
AWS
Azure
GCP
Java
Python
.NET
Node.js

Job description

Key Responsibilities:

  • Looking for candidates with GRC skills and a junior-level penetration testing background.
  • Conduct end-to-end Vulnerability Assessment and Penetration Testing (VAPT) across mobile apps (iOS/Android), cloud environments (AWS/Azure/GCP), networks, and applications for SME to enterprise clients.
  • Support Governance, Risk, and Compliance (GRC) activities, including assisting with risk assessments, policy reviews, and compliance documentation.
  • Perform mobile security testing including static/dynamic analysis (MobSF, Frida), reverse engineering, and assessment of anti-tampering controls.
  • Conduct host configuration reviews against CIS Benchmarks/NIST standards, identifying misconfigurations (weak permissions, default creds) and providing hardening recommendations.
  • Perform thorough source code reviews (SAST/manual analysis) for vulnerabilities (SQLi, XSS, logic flaws) in Java/Python/.NET/Node.js applications.
  • Provide expert risk prioritization (CVSS, exploitability) and remediation guidance tailored to client environments and business impact.
  • Deliver detailed technical reports with proof-of-concepts (PoCs), executive summaries, and actionable mitigation steps.
  • Conduct risk assessments on digital solutions and third parties. Identify potential risks and provide options to protect the OT critical infrastructure, ICT infrastructure, application systems and cloud environment.
  • Conduct compliance checks on internal controls to ensure compliance with established policies and applicable regulations.
  • Assist in developing policies, standards and guidelines to safeguard digital assets in adherence to business needs, industrial best practices and regulatory requirements.
  • Manage security projects and solution implementation activities that address cybersecurity risks.
  • Plan, design and conduct cyber security incident response workshops and exercises (table‑top exercises, simulation, and drills).
  • Stay aware of the latest industry standards and regulatory requirements and their potential impact on cybersecurity policies, standards and procedures.
  • Participate in client briefings to explain findings, address concerns, and align security improvements with business goals.