Penetration Tester

MORGAN MCKINLEY PTE. LTD.

Singapore

On-site

SGD 70,000 - 90,000

Full time

Today

Job summary

A leading recruitment firm is looking for an experienced Penetration Tester in Singapore. You will conduct penetration tests across various domains and develop automation tools to enhance security measures. The ideal candidate should have a background in Computer Science, 3-5 years of hands-on experience, and strong scripting capabilities. Certifications such as OSCP or CEH are required for this role. Interested candidates may apply via the application system or email.

Qualifications

  • 3–5 years of hands-on penetration testing experience.
  • Strong understanding of OWASP Top 10 and security frameworks.
  • Ability to script in Python, Bash, or PowerShell.

Responsibilities

  • Conduct penetration testing for various applications.
  • Perform vulnerability assessments for critical systems.
  • Prepare technical reports with actionable recommendations.

Skills

Penetration Testing
Automation Scripting
Vulnerability Assessment
Communication Skills

Education

Bachelor's degree in Computer Science or related discipline

Tools

Burp Suite
Metasploit
Nmap
Wireshark
Postman
Job description
Job Summary:

We are looking for a passionate and experienced Penetration Tester to join our team. The ideal candidate should have strong security expertise across various domains including Web, Mobile, APIs, Network, IoT, OT, and GenAI/LLM environments. You will be responsible for performing in-depth penetration testing, identifying security vulnerabilities, developing automation tools, and working closely with internal teams to drive secure development. The role requires a proactive mindset, strong scripting capabilities, and the ability to think like an attacker.

Description:
  • Conduct penetration testing for Web, Mobile, and API applications, Internal/External Networks, Thick Client applications, IoT and OT systems, and GenAI & Large Language Model (LLM) platforms.
  • Perform vulnerability assessments and risk assessments for business-critical systems.
  • Develop and maintain automation scripts/tools to support penetration testing workflows.
  • Participate in and contribute to Bug Bounty platforms and red team simulations.
  • Safely replicate attacker techniques, tactics, and procedures to simulate real-world attacks.
  • Prepare comprehensive and detailed technical reports with prioritized, actionable recommendations.
  • Engage with developers, engineers, and stakeholders to discuss findings and support remediation.
  • Manage third-party pentest vendors and ensure alignment with internal security standards.
  • Stay current with emerging threats, exploits, tools, and vulnerabilities.
Requirements:
  • Must have Bachelor's degree in Computer Science or related discipline.
  • Must have minimum 3–5 years of hands‑on penetration testing experience.
  • Strong understanding of OWASP Top 10, SANS Top 25, CVSS, and MITRE ATT&CK framework.
  • Must have minimum 3–5 years of hands‑on experience in offensive security tools (e.g., Burp Suite, Metasploit, Nmap, Wireshark, Postman, etc.).
  • Ability to script in Python, Bash, or PowerShell to automate tasks and build custom tooling.
  • Experience with manual testing techniques beyond automated scanning tools.
  • Prior participation in Bug Bounty programs (e.g., HackerOne, Bugcrowd, Synack).
  • Familiarity with CI/CD integration and DevSecOps practices.
  • Strong communication skills with the ability to explain technical findings to non‑technical stakeholders.
  • Experience in testing GenAI, LLM‑based APIs, or AI‑powered systems would be an added benefit.
  • Knowledge of cloud security and containerized environments (Docker, Kubernetes) is a plus.
Certifications (Any of the following is a must):
  • OSCP (Offensive Security Certified Professional)
  • CEH Practical (Certified Ethical Hacker – Practical)
  • EC-Council Certified Ethical Hacker (CEH)
  • Any ISC2‑related certification (SSCP, CISSP, etc.)

Interested candidates may apply through the application system or send their application to lv@morganmckinley.com. Shortlisted candidates will be notified.

By sending us your personal data and curriculum vitae (CV), you are deemed to consent to Morgan Mckinley Pte Ltd and its affiliates to collect, use and disclose your personal data for the purposes set out in the Privacy Policy available at https://www.morganmckinley.com/sg/privacy-policy. You acknowledge that you have read, understood, and agree with the Privacy Policy.

Morgan McKinley Pte Ltd
Dinu Dinesh

EA License No: 11C5502

EAP Registration No: R22110286
