11 Penetration Testing jobs in Singapore

Job Description:

• Design and perform tests and check cases to determine if infrastructure components, systems and applications meet confidentiality, integrity, authentication, availability, authorisation, and non-repudiation standards.
• Translate requirements into test plan, write and execute test scripts or codes in line with standards and procedures to determine vulnerability to attacks.
• Certify infrastructure components, systems and applications that meet security standards.

Requirements:

• Minimum total three years’ work experience as Penetration Testing Specialist

The Security Consultant delivers penetration testing & offensive security projects to ensure a successful

outcome that at least meets or exceeds the expectations of our clients.

• The customer recognises you as a subject matter expert and they have confidence in the comprehensiveness of the testing methodology and the accuracy of the results.
• The client has prepared the testing environment prior to the project start date so that the engagement is executed smoothly and without delay.
• Penetration testing projects are delivered efficiently and on schedule.
• The quality of the Penetration Testing Report by ensuring it has been peer reviewed and approved for release to the client.
• All client data is managed in strict accordance with Vantage Point Security data security and protection policies throughout the project.

Singapore

We are seeking an accomplished and proactive Senior Penetration Tester to lead our offensive security and penetration testing projects.

The successful candidate will possess extensive practical experience, hold multiple industry-recognised certifications, and demonstrate strong leadership qualities.

You will be expected to manage concurrent projects, mentor junior team members, and ensure that all engagements meet or exceed our clients’ expectations.

Technical Leadership:

• Act as the primary technical authority for both internal teams and client engagements.
• Provide strategic guidance and mentorship to ensure comprehensive coverage of testing scenarios.

Project Management:

• Collaborate with Project Managers to define project scope, develop detailed Statements of Work (SOW), and allocate testing resources.
• Oversee the scheduling and execution of penetration testing projects, ensuring milestones are met and delays minimised.

Penetration Testing:

• Conduct thorough manual and automated penetration tests across web applications, networks, infrastructure, IoT devices, mobile applications, thick clients and emerging technologies.
• Develop, update, and author new test cases to address evolving security threats and technological advancements.

Reporting and Communication:

• Document findings, vulnerabilities, and recommendations in detailed and accurate reports.
• Ensure all reports undergo peer review and receive appropriate approval before delivery to clients.
• Maintain clear and open communication channels with clients regarding testing methodologies, project progress, and remediation advice.

Compliance and Data Security:

• Manage client data in strict accordance with our data security and protection policies.
• Ensure that all engagements adhere to legal, regulatory, and industry-specific requirements.

Expertise Recognition:

Clients recognise you as a subject matter expert with confidence in the rigour and accuracy of our penetration testing approach.

Efficient Project Delivery:

Projects are delivered on schedule, with clearly defined scopes and communicated timelines.

High-Quality Reporting:

Penetration testing reports are comprehensive, thoroughly documented, and approved for client distribution.

Team Development:

Junior team members are well-prepared and continuously upskilled, contributing to a high-performing security team.

Essential Experience:

• A robust track record in delivering complex penetration testing and offensive security projects.
• Extensive hands-on experience in manual testing across diverse environments including web, network, IoT, and mobile platforms.

Certifications:

• Multiple relevant penetration testing certifications are required (e.g., CREST, OSCP, OSWE, GPEN, etc.).
• Maintaining current certifications and an ongoing commitment to professional development is essential.

Leadership and Multitasking:

• Demonstrated leadership skills with the ability to manage and mentor a diverse team.
• Proven ability to manage multiple projects simultaneously while ensuring attention to detail and quality.

Communication Skills:

• Excellent written and verbal communication skills in English, with the ability to clearly articulate complex technical information to non-technical stakeholders.

Please note that only candidates who meet the above criteria, particularly in terms of multiple industry-relevant certifications and extensive hands-on experience, will be considered for this role.

Applications from those who do not satisfy these essential requirements will not be reviewed.

• Occasional travel to client sites may be required.
• We offer a competitive salary and benefits package reflective of the seniority and expertise required for this role.

If you are a seasoned professional with a passion for offensive security and a proven track record in penetration testing leadership, we encourage you to apply.

The Associate Security Consultant attains CREST CRT certification, learns other security assurance skills and assists in delivering penetration testing & offensive security projects to ensure a successful outcome that at least meets or exceeds the expectations of our clients.

• Mentored to achieved CREST CRT certification within 4 months of joining Vantage Point.
• Complete the Associate Consultant training program to become competent with the use of penetration testing tools and techniques, including manual testing, automated application vulnerability scanning/testing tools and source code review techniques.
• Perform penetration testing projects as part of a team to ensure they are delivered efficiently and on schedule.
• All client data is managed in strict accordance with Vantage Point Security data security and protection policies throughout the project.

• Achieve CREST CRT certification within 4 months of joining Vantage Point.
• Complete the Associate Consultant training program comprising the learning of penetration testing tools and techniques, including manual testing, automated application vulnerability scanning/testing tools and source code review techniques.
• Support Senior Consultants and Security Consultants to perform manual penetration tests of websites, services, infrastructure, networks, IoT Devices, and mobile applications to discover and report exploitable vulnerabilities.
• Clearly document findings and recommendations.
• Help to provide an environment where everybody is continuing to learn and develop.
• Continuously learn and master new hacking methods in new and emerging technologies.

Location:

Other locations: Primary Location Only

Date: 7 Mar 2025

Requisition ID: 1534795

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

We are looking to hire motivated and driven penetration testers to join our team of cybersecurity professionals. As a cybersecurity professional in EY Singapore, you will have the chance to work in engagement teams serving our clients in providing independent assessments or implementation of cyber solutions. As EY Singapore is a member of the whole global EY network, you will be part of an international connected team of specialists helping our clients with their most complex cybersecurity needs and contributing toward their business resilience.

You will be part of the Cybersecurity Attack & Penetration team at EY Singapore. This team provides technical cyber assessments that aim to assist clients gain insight and context to their cyber threats, and provide pragmatic recommendations to mitigate these threats. As a penetration tester in the Attack & Penetration team, your responsibilities include:

• Perform cybersecurity threat modelling
• Perform IT and OT network penetration testing
• Perform IOT penetration testing
• Perform red team assessments
• Conduct social engineering exercises
• Support in incident response

Through the technical assessments stated above, you will then advise clients on the security issues, including explanation on the technical details and how they can remediate the vulnerabilities in the processes and controls.

• Communication – Demonstrate that you listen and understand before responding
• Knowledgeable – Demonstrate deep technical capabilities and understanding of the client’s problems.
• Curiosity – Be proactive, learn fast and seek to identify issues that others might miss.
• Integrity – Conduct yourself as per EY’s values, and do not be afraid to admit mistakes.
• Impact – Consistently deliver exceptional quality work that positively impacts the projects that you are on.
• Teamwork – You seek to ensure that the team succeeds, rather than only yourself.

To qualify for the role you must have

• A degree in Computer Science, Computer Engineering, Information Technology or equivalent
• Industry-recognised penetration testing certifications such as, but not limited to:

a) Offensive Security Certified Professional (OSCP);

b) Offensive Security Web Expert (0SWE);

c) Offensive Security Certified Expert (OSCE);

d) Offensive Security Exploitation Expert (OSEE); and/or

e) Relevant certification from the Council of Registered Ethical Security Testers (CREST), such as CRT, CCT etc.

• Candidates with at least 2 years of working experience as a penetration tester will be considered for the Senior Consultant positions.
• Candidates with less than 2 years of working experience as a penetration tester will be considered for the Associate Consultant positions.

EY offers a competitive remuneration package where you’ll be rewarded for your individual and team performance. We are committed to being an inclusive employer and are happy to consider flexible working arrangements. Plus, we offer:

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

The exceptional EY experience. It’s yours to build.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Select how often (in days) to receive an alert:

Seeking a highly skilled and motivated Senior Cyber Security Testing Specialist who is skilled in application and infrastructure penetration testing, vulnerability assessment and secure code review to conduct, guide and review the work of external and cross function team security testers. In this role, you will be responsible for assessing and enhancing the security posture of the organisation’s critical applications and infrastructure through comprehensive testing, vulnerability assessment, and penetration testing techniques. Your expertise will play a crucial role in identifying security vulnerabilities and recommending risk mitigation strategies to different senior stakeholders

Make An Impact By

• Coordinate and Oversee Penetration Testing & Vulnerability Assessment Engagements:
  • Manage and coordinate penetration testing and vulnerability assessment engagements with external vendors, ensuring effective communication and collaboration between internal stakeholders and vendors.
  • Work closely with Domain security champions to review and tailor the scope, rules of engagement, testing methodologies, and reporting for external penetration tests and vulnerability assessments.
  • Collaborate with cross-functional teams to provide guidance on Singtel's security standards, recommend best practices, and advise on effective remediation strategies.
  • Review penetration testing reports, prioritize identified vulnerabilities, and coordinate efforts to address them in a timely manner.
  • Track and report on the progress and outcomes of penetration testing and vulnerability assessments, ensuring that all findings are addressed appropriately.
• Maintenance of tools and Conduct Various Penetration Tests:
  • Perform different types of penetration testing (e.g., AI models, application, API, Infrastructure, etc.) following recognized methodologies, including OWASP and Singtel’s internal standards, utilizing both manual and automated testing methods, as needed.
  • Maintain and configure the tests required of automated testing tools to support black box and white box testing, and ensure alignment with latest industry test requirements e.g. OWASP, covering all forms of technologies e.g. Cloud Apps, On-prem Apps, COTS products, In-house developed Apps, AI models, APIs, OS, DB, VM, Network devices, etc.
  • Identify gaps in automated testing tools and propose new tooling required to augment testing program as needed
• Bug Bounty Program Management:
  • Oversee and manage the bug bounty program and associated platforms for identifying and addressing reported vulnerabilities.
  • Validate/ triage the reported vulnerabilities, assess their impact on Singtel’s systems, and collaborate with relevant stakeholders to prioritize and remediate the issues.
  • Track and report on findings and outcomes from the bug bounty program to ensure timely resolution.
  • Develop engaging programs to boost the visibility and popularity of Singtel's bug bounty program.
• Manage and conduct secure code reviews using scanning tools and techniques to identify security weaknesses in software code.
• Analyze the results from code scans and work closely with development teams to implement necessary security fixes.
• Assist in the creation and implementation of secure coding practices across the organization.
• Vulnerability Retesting and Documentation:
  • Retest security vulnerabilities arising from various sources e.g. Bug Bounty, Penetration testing, etc. after remediation and update reports with the latest results and outcomes.
  • Develop and maintain comprehensive documentation for all vulnerability assessments, secured code reviews and penetration tests, including detailed findings, methodologies, and recommendations for improvements etc.
• Stay Current with Security Trends and Threats:
  • Continuously monitor the latest security trends, emerging vulnerabilities, and attack techniques to ensure that security testing methodologies and tools remain up-to-date and effective.

Skills for Success:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Attained OSCP or CREST.
• At least 5 years of experience working in Cyber and Information security field
• Solid experience in application security testing, vulnerability assessment, secure code review and penetration testing.
• Proficiency in performing AI models, API and application security testing using manual techniques, as well as utilizing runtime vulnerability testing tools and/or code review tools.
• Strong understanding of OWASP Top 10, CWE/SANS Top 25, and other common vulnerability frameworks.
• Out of which, at least 3 years experience in delivering various AI model, API, application, infrastructure penetration testing, vulnerability assessment and secure code review.
• Proficiency in performing AI model, API and application security assessment using manual techniques.
• Proficient in using and managing various security tools and products like Fortify, AppScan, Webinspect, Burp Suite, Nessus, Guardrails AI, Giskard, Moonshot, Deepcheck, Evidently, Pyrit, Adversarial Robustness Toolbox (ART), PyRIT, etc.

Rewards that Go Beyond

• Full suite of health and wellness benefits
• Ongoing training and development programs
• Internal mobility opportunities

Are you ready to say hello to BIG Possibilities?

Take the leap with Singtel to unlock new opportunities and accelerate your growth. Apply now and start your empowering career!

Seeking a highly skilled and motivated Senior Cyber Security Testing Specialist who is skilled in application and infrastructure penetration testing, vulnerability assessment and secure code review to conduct, guide and review the work of external and cross function team security testers. In this role, you will be responsible for assessing and enhancing the security posture of the organisation’s critical applications and infrastructure through comprehensive testing, vulnerability assessment, and penetration testing techniques. Your expertise will play a crucial role in identifying security vulnerabilities and recommending risk mitigation strategies to different senior stakeholders.

Make An Impact By

• Coordinate and Oversee Penetration Testing & Vulnerability Assessment Engagements:
  • Manage and coordinate penetration testing and vulnerability assessment engagements with external vendors, ensuring effective communication and collaboration between internal stakeholders and vendors.
  • Work closely with Domain security champions to review and tailor the scope, rules of engagement, testing methodologies, and reporting for external penetration tests and vulnerability assessments.
  • Collaborate with cross-functional teams to provide guidance on Singtel's security standards, recommend best practices, and advise on effective remediation strategies.
  • Review penetration testing reports, prioritize identified vulnerabilities, and coordinate efforts to address them in a timely manner.
  • Track and report on the progress and outcomes of penetration testing and vulnerability assessments, ensuring that all findings are addressed appropriately.
• Maintenance of tools and Conduct Various Penetration Tests:
  • Perform different types of penetration testing (e.g., AI models, application, API, Infrastructure, etc.) following recognized methodologies, including OWASP and Singtel’s internal standards, utilizing both manual and automated testing methods, as needed.
  • Maintain and configure the tests required of automated testing tools to support black box and white box testing, and ensure alignment with latest industry test requirements e.g. OWASP, covering all forms of technologies e.g. Cloud Apps, On-prem Apps, COTS products, In-house developed Apps, AI models, APIs, OS, DB, VM, Network devices, etc.
  • Identify gaps in automated testing tools and propose new tooling required to augment testing program as needed.
• Bug Bounty Program Management:
  • Oversee and manage the bug bounty program and associated platforms for identifying and addressing reported vulnerabilities.
  • Validate/ triage the reported vulnerabilities, assess their impact on Singtel’s systems, and collaborate with relevant stakeholders to prioritize and remediate the issues.
  • Track and report on findings and outcomes from the bug bounty program to ensure timely resolution.
  • Develop engaging programs to boost the visibility and popularity of Singtel's bug bounty program.
• Manage and conduct secure code reviews using scanning tools and techniques to identify security weaknesses in software code.
• Analyze the results from code scans and work closely with development teams to implement necessary security fixes.
• Assist in the creation and implementation of secure coding practices across the organization.
• Vulnerability Retesting and Documentation:
  • Retest security vulnerabilities arising from various sources e.g. Bug Bounty, Penetration testing, etc. after remediation and update reports with the latest results and outcomes.
  • Develop and maintain comprehensive documentation for all vulnerability assessments, secured code reviews and penetration tests, including detailed findings, methodologies, and recommendations for improvements etc.
• Stay Current with Security Trends and Threats:
  • Continuously monitor the latest security trends, emerging vulnerabilities, and attack techniques to ensure that security testing methodologies and tools remain up-to-date and effective.

Skills for Success:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Attained OSCP or CREST.
• At least 5 years of experience working in Cyber and Information security field.
• Solid experience in application security testing, vulnerability assessment, secure code review and penetration testing.
• Proficiency in performing AI models, API and application security testing using manual techniques, as well as utilizing runtime vulnerability testing tools and/or code review tools.
• Strong understanding of OWASP Top 10, CWE/SANS Top 25, and other common vulnerability frameworks.
• Out of which, at least 3 years experience in delivering various AI model, API, application, infrastructure penetration testing, vulnerability assessment and secure code review.
• Proficiency in performing AI model, API and application security assessment using manual techniques.
• Proficient in using and managing various security tools and products like Fortify, AppScan, Webinspect, Burp Suite, Nessus, Guardrails AI, Giskard, Moonshot, Deepcheck, Evidently, Pyrit, Adversarial Robustness Toolbox (ART), PyRIT, etc.

Rewards that Go Beyond

• Full suite of health and wellness benefits.
• Ongoing training and development programs.
• Internal mobility opportunities.

Are you ready to say hello to BIG Possibilities?

Take the leap with Singtel to unlock new opportunities and accelerate your growth. Apply now and start your empowering career!

Job Responsibilities

Penetration Testing

• Conduct comprehensive penetration tests on applications, systems and networks to identify security vulnerabilities
• Provide actionable remediation recommendations and track findings through resolution
• Simulate cyberattacks to evaluate defensive measures and improve security posture

Governance, Risk & Verification (GRV) Support

• Assist in risk assessments, security plan development and control gap analysis
• Perform security assessments, including web/application security configurations and firewall rule reviews
• Contribute to the enterprise risk register by identifying and documenting security risks
• Develop, review and maintain cybersecurity policies, standards and procedures
• Evaluate compliance with security frameworks and regulatory requirements

Job Requirements

Education & Certification

• Bachelor's degree/ Diploma in Cyber Security or Information Technology
• Penetration testing certification such as Offensive Security (OSCP, OSWE, OSEP) or Crest (CRT, CCT)
• Professional cyber related membership and certification

Experience

• Possess at least 2 years of relevant penetration testing hands-on experience
• Prior experience in Gaming, Banking or Critical infrastructure infoComm industry will be an added advantage

Competencies

• Strong knowledge of web & mobile application security and penetration testing techniques
• Strong knowledge of network protocols, security architecture and defense-in-depth principles
• Strong knowledge of Cyber threats, vulnerabilities and attack methodologies
• Strong knowledge of system/application security risk and mitigation strategies
• Proficient in Penetration testing tools
• Proficiency in Security Frameworks
• Excellent verbal/written communication skills to convey technical findings
• Ability to prioritize and manage multiple projects in a dynamic environment
• Strong analytical and problem-solving skills

Job Responsibilities

Penetration Testing

• Conduct comprehensive penetration tests on applications, systems and networks to identify security vulnerabilities
• Provide actionable remediation recommendations and track findings through resolution
• Simulate cyberattacks to evaluate defensive measures and improve security posture

Governance, Risk & Verification (GRV) Support

• Assist in risk assessments, security plan development and control gap analysis
• Perform security assessments, including web/application security configurations and firewall rule reviews
• Contribute to the enterprise risk register by identifying and documenting security risks
• Develop, review and maintain cybersecurity policies, standards and procedures
• Evaluate compliance with security frameworks and regulatory requirements

Job Requirements

Education & Certification

• Bachelor's degree/ Diploma in Cyber Security or Information Technology
• Penetration testing certification such as Offensive Security (OSCP, OSWE, OSEP) or Crest (CRT, CCT)
• Professional cyber related membership and certification

Experience

• Possess at least 2 years of relevant penetration testing hands-on experience
• Prior experience in Gaming, Banking or Critical infrastructure infoComm industry will be an added advantage

Competencies

• Strong knowledge of web & mobile application security and penetration testing techniques
• Strong knowledge of network protocols, security architecture and defense-in-depth principles
• Strong knowledge of Cyber threats, vulnerabilities and attack methodologies
• Strong knowledge of system/application security risk and mitigation strategies
• Proficient in Penetration testing tools
• Proficiency in Security Frameworks
• Excellent verbal/written communication skills to convey technical findings
• Ability to prioritize and manage multiple projects in a dynamic environment
• Strong analytical and problem-solving skills