Enable job alerts via email!
PENETRATION TESTER - GOVT CLEARANCE
Infinity Cybersec Pte Ltd
Singapore
On-site
SGD 80,000 - 120,000
Full time
Generate a tailored resume in minutes
Land an interview and earn more. Learn more
Job summary
A cybersecurity firm seeks a skilled Penetration Tester with CAT1 clearance to lead complex VAPT engagements for government and critical infrastructure in Singapore. This role emphasizes advanced threat emulation techniques across various environments, requiring strong technical expertise, notable certifications, and the ability to deliver actionable remediation strategies. Join a dynamic team and contribute to securing vital national assets.
Qualifications
- Requires CAT1 Security Clearance and 2+ years of pentesting experience.
- Strong skills in exploit development (C++, Python) and tool proficiencies.
- Experience with government compliance frameworks and reporting.
Responsibilities
- Lead VAPT for Singapore government, executing full-scope attacks.
- Develop custom malware/exploits and deliver executive briefings.
- Conduct advanced red team operations and document TTPs.
Skills
Education
Tools
Job description
Job Overview
We seek a Penetration Testing with CAT1 clearance to lead VAPT for Singapore government and critical infrastructure sectors. You will execute full-scope attacks (networks, apps, cloud, OT), bypass advanced defenses, and deliver actionable remediation strategies. This role requires CREST/OSCP certification, deep exploit development skills, and experience with GovTech cybersecurity frameworks.
Core Responsibilities
Advanced Threat Emulation:
1. CAT1-cleared engagements:
2. Network: Breach segmented govt networks (e.g., air-gapped systems)
3. Applications: Exploit web/mobile apps (SCADA interfaces, GovTech portals)
4. Cloud: Attack AWS GovCloud/Azure Government environments
5. OT: ICS/SCADA system penetration (Siemens, Rockwell)
6. Develop custom malware/exploits (C++, Python) to evade EDR/XDR.
Red Team Operations:
1. Lead multi-vector campaigns:
2. Phishing (Evade Proofpoint/MS ATP)
3. Physical security bypass (RFID cloning, access control spoofing)
4. Wireless attacks (802.1X, WPA3-Enterprise)
5. Document TTPs aligned with MITRE ATT&CK for ICS/Enterprise.
Govt Compliance & Reporting:
1. Align tests with IM8, CSA Red Teaming Guidelines, and NIST SP 800-115.
2. Deliver executive briefings to CISOs with exploit demos.
3. Create remediation playbooks
Research & Development:
1. Reverse engineer firmware (Binwalk, Ghidra) for 0-day discovery.
2. Contribute to ASEAN CERT advisories (e.g., SingCERT).
Technical Requirements
Non-Negotiable Credentials
1. CAT1 Security Clearance
2. Active Certifications: OSCP or CREST CRT/CCT (Inf/App)
3. 2+ years in pentesting
Tool Proficiency
1. Exploitation - Metasploit Pro, Cobalt Strike, Burp Suite Pro, PowerSploit
2. Post-Exploit - BloodHound, Mimikatz, Impacket, Covenant C2
3. Forensics - Volatility, Wireshark, CHIRP (ICS)
4. Wireless - HackRF One, Proxmark3, Wi-Fi Pineapple
5. Cloud - Pacu (AWS), MicroBurst (Azure), GCP IAM Exploit Toolkit
Preferred Qualifications
1. Certifications: OSCE³, CREST CCT Gold, OSCP
2. Govt Framework Experience: IM8 Penetration Test Guidelines, CSA Cyber Essentials
3. Public Contributions: CVEs, exploit-db submissions, conference talks (Black Hat Asia, DEFCON)
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
job faster
Follow us
