Technical Lead (Offensive Security)

Our client is a CREST‑accredited cybersecurity firm trusted by enterprises and public‑sector organisations across Singapore and the region. We are seeking a Technical Lead (Offensive Security).

This role offers the opportunity to influence how security testing is delivered, expand into advanced domains such as OT and application security, and help build a high‑performing technical team. This role requires strong technical depth across multiple security testing disciplines, including application security, infrastructure, cloud, and OT/ICS environments.

In this position, you will serve as the technical authority across security testing engagements, guiding teams, assuring quality, and advising clients on risk‑based security improvements. You will work closely with stakeholders across commercial, government, and regulated sectors, delivering assessments that are technically rigorous, compliant, and actionable.

Security Testing Leadership -

• You will lead and oversee a comprehensive range of security testing engagements spanning infrastructure vulnerability assessment and penetration testing (on‑premises, cloud, and hybrid environments), web application penetration testing, mobile application and API security testing, secure configuration reviews and security configuration testing, static and dynamic application security testing, and OT/ICS vulnerability assessment for industrial, IoT, and cyber‑physical systems. You will design testing strategies that effectively balance manual testing, automated scanning, and risk‑based analysis to deliver maximum value to clients.

Client Advisory & Engagement -

• As a key client‑facing technical resource, you will lead client briefings, technical walkthroughs, and executive debrief sessions. You will translate complex technical findings into clear business and operational risk narratives that resonate with non‑technical stakeholders. You will advise clients on remediation strategies, secure design principles, system hardening, and long‑term security improvement roadmaps. Additionally, you will support pre‑sales and tender response activities by providing technical input on scope definition, effort estimation, and addressing technical clarifications.

Team Mentorship & Capability Building -

• You will mentor and upskill consultants across different testing disciplines, ensuring consistent quality and knowledge transfer. You will review and approve junior team members’ test plans, methodologies, and reports to maintain high standards. You will also contribute to building internal capability in advanced testing areas such as static application security testing, OT security testing, and cloud‑native security.

The ideal candidate will possess the following qualifications and experience:

• Five to eight or more years of hands‑on cybersecurity testing experience, covering multiple disciplines beyond traditional VAPT
• Proven experience leading or acting as technical authority on complex security assessments
• OSCP certification (required)
• CREST CRT, CCT, or CPSA certification (strongly preferred)
• CISSP or CISM certification (strongly preferred)
• GIAC certifications such as GICSP, GPEN, GWAPT, or GXPN (desirable)