
Hong Leong Bank

VAPT Senior Executive

3-5 Years
  • Posted 13 hours ago

Job Description

If you are looking to excel and make a difference, take a closer look at us…

Overview:

The Senior Executive, VAPT delivers hands-on offensive security testing. You will identify and validate weaknesses across the bank's digital landscape by executing penetration tests, vulnerability scans and red-teaming exercises against critical infrastructure and financial apps.

In this technical role, you manage the end-to-end testing lifecycle from scoping to final reporting. You will translate complex vulnerabilities into actionable risk insights while ensuring compliance with BNM RMiT. You act as a technical gatekeeper for new products, cloud migrations and third-party integrations before they enter production.

You will partner with Security, App and Business teams to track remediation and ensure gaps are closed precisely. By integrating testing into CI/CD pipelines, you will drive a Shift Left culture to secure the bank's reputation and market standing.

Responsibilities:

  • Vulnerability & Testing Management: Participate in end-to-end scanning and penetration testing (web, mobile, network) across the Group, prioritizing high-risk findings for remediation.
  • Operational Execution: Deliver security testing and special projects as assigned by team lead.
  • Audit & Regulatory Support: Prepare technical documentation and evidence for queries from auditors and BNM regarding security findings.
  • Risk Identification: Proactively identify and report critical security gaps that remain unaddressed by current controls.
  • Remediation Validation: Monitor and validate security gap closures to ensure compliance with Group SLAs and regulatory mandates.
  • Continuous Improvement: Suggest enhancements for security controls and software processes based on vulnerability trends.
  • Standard Maintenance: Assist in drafting and updating group-wide security procedures and ethical hacking standards.
  • Executive Reporting: Work with team lead to compile and present risk-based findings and remediation progress to senior management and IT Security Committees.
  • Vendor Oversight: Work with team lead to manage third-party security providers for mandatory assessments (Annual Pentests, PCI ASV) and oversee software licensing budgets.
  • Incident Support: Conduct impact assessments on system changes and provide offensive expertise during incident investigations to identify entry points.
  • Workflow Automation: Develop automated VAPT scripts and tools to improve testing efficiency.
  • Tooling Optimization: Work with team lead to deploy and tune Group VAPT tools (DAST, SAST, IAST) and automate attack surface management.
  • Technical Advisory: Provide hands-on VAPT technical assistance and troubleshooting for business units and branches.
  • Assurance: Conduct quality reviews on all internal/vendor VAPT reports to ensure technical depth and actionable remediation.
  • Attack Surface Design: Identify security blind spots in complex architectures and translate them into robust Group-wide testing scenarios.
  • Mitigation Analysis: Work with team lead to explain complex exploit chains to application owners and provide permanent mitigation strategies to prevent external breaches.
  • Emerging Threat Research: Evaluate new exploitation techniques (e.g., AI-driven attacks) and recommend defensive shifts to maintain Group resilience.
  • Security Validation: Collaborate with architects and software developers to execute security-by-design testing for regional products, ensuring alignment with established VAPT playbooks and standards.
  • Stakeholder & Team Collaboration: Work closely with Cyber Defense and App Security teams to align daily testing activities with the broader Group Technology strategy.
  • Risk Remediation Tracking: Conduct technical risk assessments of discovered flaws and track the remediation lifecycle across regional platforms to ensure gaps are closed.

Skills & Experience We Are Looking For:

  • Bachelor's Degree in Cybersecurity, Computer Science, Information Technology, or a related field.
  • Must possess at least one of the following: OSCP, CISA, GPEN, or an equivalent industry-recognized security certification for hacking and/or VAPT.
  • 3 to 5 years of experience in Vulnerability Management or Penetration Testing.
  • Expertise in BNM RMiT (Risk Management in Technology) and PCI-DSS 4.0 standards.
  • Must have a strong understanding of industry-standard penetration testing methodologies, including OSSTMM, OWASP, PTES and others.
  • Hands-on experience managing VA tools such as Tenable, Rapid7 InsightVM, Qualys and others.
  • Experience managing vulnerability lifecycles within enterprise ticketing platforms such as ServiceNow.
  • Expertise in cloud security (AWS, Azure, GCP) and on-prem security controls.
  • Experienced in manual exploitation techniques for web applications, including deep-dive testing for complex business logic flaws, API security, and session management vulnerabilities.
  • Experienced in manual security assessments for Mobile Applications (iOS/Android), focusing on binary analysis and secure data storage.
  • Experience in overseeing Red Team or adversarial simulation exercises to validate the effectiveness of the bank's security controls.
  • Ability to communicate complex security concepts to non-technical stakeholders.
  • Ability to collaborate with cross-functional teams.
  • Ability to manage working relationships with key technology suppliers.

For more job opportunities, please go to HLB Careers:


Job ID: 147439897