174 Penetration Tester jobs in Singapore

Job Summary:

We are seeking a highly skilled Penetration Tester to join our cybersecurity team. In this role, you will be responsible for performing advanced penetration tests on networks, web applications, and systems to identify vulnerabilities and recommend security improvements. The ideal candidate will have experience with various security frameworks, offensive security techniques, and the ability to work both independently and in a team. Holding a CRT (CREST Registered Tester)certification is preferred but not mandatory. You will collaborate with stakeholders to improve the security posture of the organization and its clients.

Key Responsibilities:

• Perform in-depth penetration tests on a wide range of environments, including networks, web applications, mobile applications, and cloud infrastructure.
• Identify and exploit vulnerabilities, and provide actionable remediation recommendations.
• Develop and execute custom test cases, scenarios, and scripts to simulate attack vectors.
• Create detailed reports that clearly communicate findings, risk levels, and suggested mitigation strategies to both technical and non-technical stakeholders.
• Stay up-to-date with the latest cybersecurity threats, vulnerabilities, and technologies.
• Collaborate with development, IT, and security teams to address identified security weaknesses and verify fixes.
• Provide technical advice on security best practices and strategies for securing information systems.
• Assist in threat modeling and security architecture reviews.
• Support red team engagements and simulated attack scenarios.
• Ensure testing methodologies are aligned with industry standards such as OWASP, NIST, CIS Controls, and MITRE ATT&CK framework.
• Participate in security incident response when required, assisting in post-incident forensic investigations.

Requirements:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience).
• Proven experience in penetration testing across various domains (network, web, mobile, cloud, etc.).
• Strong knowledge of penetration testing tools such as Nmap, Metasploit, Burp Suite, Wireshark, Nessus, Kali Linux, etc.
• Deep understanding of network protocols, operating systems (Windows, Linux), and application security.
• Familiarity with security frameworks like CIS, NIST, and OWASP.
• Experience in writing custom scripts to automate security testing (e.g., Python, Bash, PowerShell).
• Ability to work both independently on projects and collaboratively in a team setting.
• Strong problem-solving skills, with the ability to think critically and analytically.
• Excellent communication skills, with the ability to present complex technical issues to non-technical stakeholders.

Preferred Qualifications:

• CRT (CREST Registered Tester) certification is preferred.
• Other relevant certifications such as OSCP, OSWE, CPT, CEH, GPEN, or CISSP.
• Knowledge of cloud security testing in platforms like AWS, Azure, or Google Cloud.
• Familiarity with container security (e.g., Docker, Kubernetes) and DevSecOps practices.
• Understanding of social engineering techniques and their role in penetration testing.
• Experience with advanced techniques such as exploit development and red teaming.

Job Overview

We are seeking for a Penetration Tester with CAT1 Security Clearance to lead VAPT for Singapore government and critical infrastructure sectors. You will execute full-scope attacks (networks, apps, cloud, OT), bypass advanced defenses, and deliver actionable remediation strategies.

This role requires CREST/OSCP certification, deep exploit development skills, and experience with GovTech cybersecurity frameworks.

Core Responsibilities

Advanced Threat Emulation:

1. CAT1-cleared engagements:
2. Network: Breach segmented govt networks (e.g., air-gapped systems)
3. Applications: Exploit web/mobile apps (SCADA interfaces, GovTech portals)
4. Cloud: Attack AWS GovCloud/Azure Government environments
5. OT: ICS/SCADA system penetration (Siemens, Rockwell)
6. Develop custom malware/exploits (C++, Python) to evade EDR/XDR.

Red Team Operations:

1. Lead multi-vector campaigns:
2. Phishing (Evade Proofpoint/MS ATP)
3. Physical security bypass (RFID cloning, access control spoofing)
4. Wireless attacks (802.1X, WPA3-Enterprise)
5. Document TTPs aligned with MITRE ATT&CK for ICS/Enterprise.

Govt Compliance & Reporting:

1. Align tests with IM8, CSA Red Teaming Guidelines, and NIST SP 800-115.
2. Deliver executive briefings to CISOs with exploit demos.
3. Create remediation playbooks

Research & Development:

1. Reverse engineer firmware (Binwalk, Ghidra) for 0-day discovery.
2. Contribute to ASEAN CERT advisories (e.g., SingCERT).

Technical Requirements

Non-Negotiable Credentials:

1. CAT1 Security Clearance
2. Active Certifications: OSCP or CREST CRT/CCT (Inf/App)
3. 2+ years in pentesting

Tool Proficiency

1. Exploitation - Metasploit Pro, Cobalt Strike, Burp Suite Pro, PowerSploit
2. Post-Exploit - BloodHound, Mimikatz, Impacket, Covenant C2
3. Forensics - Volatility, Wireshark, CHIRP (ICS)
4. Wireless - HackRF One, Proxmark3, Wi-Fi Pineapple
5. Cloud - Pacu (AWS), MicroBurst (Azure), GCP IAM Exploit Toolkit

Preferred Qualifications

1. Certifications: OSCE³, CREST CCT Gold, OSCP
2. Govt Framework Experience: IM8 Penetration Test Guidelines, CSA Cyber Essentials
3. Public Contributions: CVEs, exploit-db submissions, conference talks (Black Hat Asia, DEFCON)

Job Overview
We are seeking for a Penetration Tester with CAT1 Security Clearance to lead VAPT for Singapore government and critical infrastructure sectors. You will execute full-scope attacks (networks, apps, cloud, OT), bypass advanced defenses, and deliver actionable remediation strategies.
This role requires CREST/OSCP certification, deep exploit development skills, and experience with GovTech cybersecurity frameworks.
Core Responsibilities
Advanced Threat Emulation:
CAT1-cleared engagements:
Network: Breach segmented govt networks (e.g., air-gapped systems)
Applications: Exploit web/mobile apps (SCADA interfaces, GovTech portals)
Cloud: Attack AWS GovCloud/Azure Government environments
OT: ICS/SCADA system penetration (Siemens, Rockwell)
Develop custom malware/exploits (C++, Python) to evade EDR/XDR.
Red Team Operations:
Lead multi-vector campaigns:
Phishing (Evade Proofpoint/MS ATP)
Physical security bypass (RFID cloning, access control spoofing)
Wireless attacks (802.1X, WPA3-Enterprise)
Document TTPs aligned with MITRE ATT&CK for ICS/Enterprise.
Govt Compliance & Reporting:
Align tests with IM8, CSA Red Teaming Guidelines, and NIST SP 800-115.
Deliver executive briefings to CISOs with exploit demos.
Create remediation playbooks
Research & Development:
Reverse engineer firmware (Binwalk, Ghidra) for 0-day discovery.
Contribute to ASEAN CERT advisories (e.g., SingCERT).
Technical Requirements
Non-Negotiable Credentials:
CAT1 Security Clearance
Active Certifications: OSCP or CREST CRT/CCT (Inf/App)
2+ years in pentesting
Tool Proficiency
Exploitation - Metasploit Pro, Cobalt Strike, Burp Suite Pro, PowerSploit
Post-Exploit - BloodHound, Mimikatz, Impacket, Covenant C2
Forensics - Volatility, Wireshark, CHIRP (ICS)
Wireless - HackRF One, Proxmark3, Wi-Fi Pineapple
Cloud - Pacu (AWS), MicroBurst (Azure), GCP IAM Exploit Toolkit
Preferred Qualifications
Certifications: OSCE3, CREST CCT Gold, OSCP
Govt Framework Experience: IM8 Penetration Test Guidelines, CSA Cyber Essentials
Public Contributions: CVEs, exploit-db submissions, conference talks (Black Hat Asia, DEFCON)
#J-18808-Ljbffr

Company: Fortiedge Pte. Ltd.

About Us: Fortiedge is a cybersecurity firm dedicated to protecting our clients' digital assets. We are committed to innovation, excellence, and providing top-notch services. Join our team and help us safeguard the future.

Job Description: We are seeking a skilled and motivated Penetration Tester to join our cybersecurity team. The ideal candidate will have a strong background in ethical hacking and a passion for identifying and mitigating security vulnerabilities. As a Penetration Tester, you will be responsible for conducting comprehensive security assessments, simulating cyber-attacks, and providing actionable recommendations to enhance our clients' security posture.

Key Responsibilities:

• Conduct penetration testing on web/mobile applications, networks, and systems.
• Conduct source code review.
• Identify and exploit security vulnerabilities in various environments.
• Develop and execute test plans, methodologies, and tools.
• Document findings and provide detailed reports with remediation recommendations.
• Stay up-to-date with the latest security trends, tools, and techniques.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Proven experience in penetration testing and ethical hacking.
• Proficiency with penetration testing tools (e.g., Metasploit, Burp Suite, Nmap).
• Strong understanding of network protocols, operating systems, and web technologies.
• Relevant certifications (e.g., OSCP, CEH, CISSP) are highly desirable.
• Excellent problem-solving skills and attention to detail.
• Strong communication skills, both written and verbal.
• Ability to work independently and as part of a team.

Benefits:

• Competitive salary and performance-based bonuses.
• Comprehensive health, dental, and vision insurance.
• Professional development opportunities and certification reimbursements.
• Flexible working hours and remote work options.
• Collaborative and inclusive work environment.

Job Summary:

We are seeking a highly skilled Penetration Tester to join our cybersecurity team. In this role, you will be responsible for performing advanced penetration tests on networks, web applications, and systems to identify vulnerabilities and recommend security improvements. The ideal candidate will have experience with various security frameworks, offensive security techniques, and the ability to work both independently and in a team. Holding a CRT (CREST Registered Tester) certification is preferred but not mandatory. You will collaborate with stakeholders to improve the security posture of the organization and its clients.

Key Responsibilities:

• Perform in-depth penetration tests on a wide range of environments, including networks, web applications, mobile applications, and cloud infrastructure.
• Identify and exploit vulnerabilities, and provide actionable remediation recommendations.
• Develop and execute custom test cases, scenarios, and scripts to simulate attack vectors.
• Create detailed reports that clearly communicate findings, risk levels, and suggested mitigation strategies to both technical and non-technical stakeholders.
• Stay up-to-date with the latest cybersecurity threats, vulnerabilities, and technologies.
• Collaborate with development, IT, and security teams to address identified security weaknesses and verify fixes.
• Provide technical advice on security best practices and strategies for securing information systems.
• Assist in threat modeling and security architecture reviews.
• Support red team engagements and simulated attack scenarios.
• Ensure testing methodologies are aligned with industry standards such as OWASP , NIST , CIS Controls , and MITRE ATT&CK framework.
• Participate in security incident response when required, assisting in post-incident forensic investigations.

Requirements:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience).
• Proven experience in penetration testing across various domains (network, web, mobile, cloud, etc.).
• Strong knowledge of penetration testing tools such as Nmap , Metasploit , Burp Suite , Wireshark , Nessus , Kali Linux , etc.
• Deep understanding of network protocols, operating systems (Windows, Linux), and application security.
• Familiarity with security frameworks like CIS , NIST , and OWASP .
• Experience in writing custom scripts to automate security testing (e.g., Python , Bash , PowerShell ).
• Ability to work both independently on projects and collaboratively in a team setting.
• Strong problem-solving skills, with the ability to think critically and analytically.
• Excellent communication skills, with the ability to present complex technical issues to non-technical stakeholders.

Preferred Qualifications:

• CRT (CREST Registered Tester) certification is preferred.
• Other relevant certifications such as OSCP , OSWE , CPT , CEH , GPEN , or CISSP .
• Knowledge of cloud security testing in platforms like AWS , Azure , or Google Cloud .
• Familiarity with container security (e.g., Docker, Kubernetes) and DevSecOps practices.
• Understanding of social engineering techniques and their role in penetration testing.
• Experience with advanced techniques such as exploit development and red teaming.

Job Overview

We are seeking for a Penetration Tester with CAT1 Security Clearance to lead VAPT for Singapore government and critical infrastructure sectors. You will execute full-scope attacks (networks, apps, cloud, OT), bypass advanced defenses, and deliver actionable remediation strategies.

This role requires CREST/OSCP certification, deep exploit development skills, and experience with GovTech cybersecurity frameworks.

Core Responsibilities

Advanced Threat Emulation:

1. CAT1-cleared engagements:
2. Network: Breach segmented govt networks (e.g., air-gapped systems)
3. Applications: Exploit web/mobile apps (SCADA interfaces, GovTech portals)
4. Cloud: Attack AWS GovCloud/Azure Government environments
5. OT: ICS/SCADA system penetration (Siemens, Rockwell)
6. Develop custom malware/exploits (C++, Python) to evade EDR/XDR.

Red Team Operations:

1. Lead multi-vector campaigns:
2. Phishing (Evade Proofpoint/MS ATP)
3. Physical security bypass (RFID cloning, access control spoofing)
4. Wireless attacks (802.1X, WPA3-Enterprise)
5. Document TTPs aligned with MITRE ATT&CK for ICS/Enterprise.

Govt Compliance & Reporting:

1. Align tests with IM8, CSA Red Teaming Guidelines, and NIST SP 800-115.
2. Deliver executive briefings to CISOs with exploit demos.
3. Create remediation playbooks

Research & Development:

1. Reverse engineer firmware (Binwalk, Ghidra) for 0-day discovery.
2. Contribute to ASEAN CERT advisories (e.g., SingCERT).

Technical Requirements

Non-Negotiable Credentials:

1. CAT1 Security Clearance
2. Active Certifications: OSCP or CREST CRT/CCT (Inf/App)
3. 2+ years in pentesting

Tool Proficiency

1. Exploitation - Metasploit Pro, Cobalt Strike, Burp Suite Pro, PowerSploit
2. Post-Exploit - BloodHound, Mimikatz, Impacket, Covenant C2
3. Forensics - Volatility, Wireshark, CHIRP (ICS)
4. Wireless - HackRF One, Proxmark3, Wi-Fi Pineapple
5. Cloud - Pacu (AWS), MicroBurst (Azure), GCP IAM Exploit Toolkit

Preferred Qualifications

1. Certifications: OSCE³, CREST CCT Gold, OSCP
2. Govt Framework Experience: IM8 Penetration Test Guidelines, CSA Cyber Essentials
3. Public Contributions: CVEs, exploit-db submissions, conference talks (Black Hat Asia, DEFCON)

We are seeking a highly skilled Security Pentester with proven expertise in identifying, exploiting, and documenting vulnerabilities across networks, applications, and systems. The ideal candidate will hold an OSCP certification and possess strong hands-on experience with penetration testing tools, methodologies, and reporting.

• Perform penetration testing on applications, networks, cloud, APIs, and systems to identify vulnerabilities.
• Conduct vulnerability assessments and exploit proof-of-concepts (PoCs).
• Develop and execute threat models and attack simulations.
• Collaborate with development, infrastructure, and security teams to remediate identified vulnerabilities.
• Prepare and deliver detailed reports including risk ratings, technical findings, and mitigation strategies.
• Stay updated on the latest security threats, exploits, and industry trends.
• Ensure compliance with industry standards (e.g., OWASP, NIST, ISO 27001, PCI DSS).

• Bachelor's degree in Computer Science, Information Security, or related field , or equivalent experience.
• OSCP certification (mandatory).
• 3–5 years of hands-on penetration testing experience.
• Proficiency with penetration testing tools (Burp Suite, Metasploit, Nmap, Wireshark, Nessus, etc.).
• Strong understanding of web application security , network protocols, operating systems, and cloud environments.
• Knowledge of scripting languages (Python, Bash, PowerShell, etc.) for custom exploit development.
• Excellent problem-solving and report writing skills.

• Additional certifications: OSWE, OSEP, GPEN, CEH, CREST CRT, or similar .
• Experience with Red Team engagements .
• Familiarity with DevSecOps and CI/CD security testing.
• Understanding of threat intelligence and adversary simulation frameworks (MITRE ATT&CK).

• Strong communication and presentation skills.
• Ability to work independently and in a team.
• Analytical and detail-oriented mindset.
• Passionate about ethical hacking and continuous learning.

Identifies and mitigates cyber risks by assessing systems, networks, and applications for vulnerabilities. They simulate real-world attacks, document findings, and provide security improvement recommendations. Staying updated on cybersecurity trends, they collaborate with other professionals to develop comprehensive security strategies.

• Conduct security assessments on systems, networks, and applications.
• Simulate cyber attacks to identify system vulnerabilities.
• Typical security testing activities include:
• Software/Web Application/Web Services penetration testing
• Network Penetration Testing
• Mobile Application Penetration Testing
• Thick Client Penetration Testing
• Develop and execute penetration testing methodologies.
• Prepare detailed reports on the findings of penetration tests.
• Recommend and implement improvements to security policies.
• Stay updated with the latest penetration testing tools and techniques.
• Train staff on security awareness and procedures.
• Collaborate with IT staff to improve system security.

Requirements:

• Bachelor's degree in information security, information systems management, computer science, engineering, or other related discipline.
• More than 2 years of experience in information technology, IT audits, or cyber security.
• Proven experience as a Penetration Tester or similar role in cybersecurity.
• Proficiency in using automated tools and manual testing techniques.
• Strong understanding of common vulnerabilities and exploits.
• Relevant certifications (e.g., CEH, OSCP, CREST) are strongly preferred.
• Excellent problem-solving and analytical skills.
• Must be able to work under pressure and produce content to tight timelines.
• Ability to self-manage, prioritizing a variety of tasks.

Key Responsibilities

• Conduct simulated attacks on systems, networks, and applications to identify security flaws
• Develop and execute penetration testing methodologies tailored to specific environments
• Document findings and provide detailed reports with remediation recommendations
• Collaborate with IT and security teams to improve defences and patch vulnerabilities
• Stay updated on emerging threats, tools, and techniques in cybersecurity

Required Skills & Qualifications

• Strong understanding of network protocols, operating systems (Linux, Windows), and web technologies
• Proficiency with tools like Metasploit, Burp Suite, Nmap, Nessus, and Wireshark
• Experience with scripting languages (Python, Bash, PowerShell) for automation
• Familiarity with compliance standards (e.g., PCI-DSS, ISO 27001, HIPAA)
• Excellent analytical, problem-solving, and report-writing skills
• Certifications such as CEH , OSCP , or CREST are highly valued
• Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience)

Benefits

• Marriage Leave
• Childcare Leave
• Medical Benefits

By submitting any application or resume to us, you will be deemed to have agreed & consented to us collecting, using, retaining & disclosing your personal information to prospective employers for their consideration.

*We regret to inform that only shortlisted candidates will be notified. *