The Penetration Tester is a contract, remote-based role requiring an experienced and certified security practitioner capable of designing, executing, and managing comprehensive security assessments. This includes penetration testing, red teaming, and application security reviews to uncover critical vulnerabilities and assess organizational risk across diverse client environments.
Key Responsibilities:
- Plan, scope, and lead security assessment activities targeting network infrastructure, web applications, mobile platforms, and cloud environments.
- Conduct offensive security exercises, including Red Team exercises, to simulate real-world threats and test defensive capabilities.
- Oversee the thorough documentation of findings, providing clear, actionable, and prioritized recommendations to mitigate identified risks.
- Work directly with clients to understand their security objectives, define testing parameters, and clearly communicate the technical findings and associated business risk.
- Serve as a technical QA reviewer for reports and deliverables produced by junior consultants, ensuring accuracy, clarity, and adherence to industry best practices.
- Provide strategic counsel to clients on enhancing their overall security posture, incident response capabilities, and adherence to relevant compliance standards.
- Provide advisory, technical guidance, and project support to junior consultants.
- Ensure all project deliverables are completed with high quality and within the agreed timelines.
Qualifications & Experience
- Degree in Information Technology, Cybersecurity, or a related computer science field is preferred.
- 3-5+ years of hands-on experience in penetration testing, web and mobile application security, and managing red team exercises.
- Strong proficiency in both manual and automated security testing methodologies and tools (experience in publishing security exploits is an added advantage).
- Possession of industry-recognized certifications such as OSCP, CREST CRT, or equivalent is required.
- Expert understanding of exploitation techniques, attack methodologies (e.g., MITRE ATT&CK), and vulnerability assessment tools.
- Broad knowledge of core cybersecurity principles, defensive architectures, and relevant regulatory frameworks.
- Strong analytical skills with meticulous attention to detail for vulnerability research, analysis, and reporting.
- Demonstrated project management and leadership capabilities.
- Applicants must be able to perform their duties following Malaysia working hours.
