8 Penetration Testing jobs in Singapore

About the Role

As a Penetration Testing Specialist, reporting to the Internal Audit function, you will play a critical role in evaluating the organization's cybersecurity posture by simulating real-world attacks and identifying vulnerabilities across systems, applications, and networks. Your work directly supports audit objectives by validating the effectiveness of security controls, ensuring regulatory compliance, and mitigating operational risks.

Key Responsibility

• Conduct comprehensive penetration tests on applications, databases, systems and networks to identify security vulnerabilities, and prepare a detail report on the findings.
• Propose measures to ensure that identified vulnerabilities are addressed.
• Work closely with IT, risk, and compliance teams to track remediation efforts and verify closure.
• Simulate cyber attacks to evaluate defensive measures and improve security posture.

Requirements

• Minimum 5 years of hands-on penetration testing experience for web applications, mobile applications, APIs, network, databases and load testing.
• Experience conducting secure code review.
• Degree in computer science/computer engineering/information security or equivalent.
• Working knowledge of all aspects of information security is essential.
• Familiarity with systems and operational architecture of large internet companies or online business models.
• Good communication (spoken and written) skills, able to work independently and as a team.
• Certifications from either GIAC/Offensive Security/CREST required.
• Hands on experience in Kali Linux, Burp, and other advanced penetration testing, and secure code review tools.
• Good to have: Basic Mandarin skills for simple verbal and written communication with Chinese partners.

渗透测试专家

关于职位

作为一名向内部审计部门汇报的渗透测试专家,您将在评估组织的网络安全态势方面发挥关键作用,通过模拟真实攻击并识别系统、应用程序和网络中的漏洞。您的工作将通过验证安全控制措施的有效性、确保合规性并降低运营风险,直接支持审计目标。

主要职责

• 对应用程序、数据库、系统和网络进行全面的渗透测试,以识别安全漏洞,并撰写详细的调查报告。
• 提出措施,确保已识别的漏洞得到解决。
• 与IT、风险和合规团队紧密合作,跟踪修复工作并验证漏洞已关闭。
• 模拟网络攻击,评估防御措施并提升安全态势。

职位要求

• 至少5年Web应用程序、移动应用程序、API、网络、数据库和负载测试的渗透测试经。
• 具备安全代码审查经验。
• 计算机科学/计算机工程/信息安全或同等学历。
• 具备信息安全各方面的工作知识。
• 熟悉大型互联网公司或在线商业模式的系统和运营架构。
• 良好的沟通能力,能够独立工作和团队合作。
• 需持有GIAC/Offensive Security/CREST认证。
• 具有 Kali Linux、Burp 和其他高级渗透测试及安全代码审查工具的实践经验。
• 加分项:具备基础中文能力,能够进行简单的口头和书面沟通。

Seeking a skilled Cybersecurity Expert to enhance our team's security posture through thorough penetration testing and expert advice.

Key Responsibilities:

• Conduct comprehensive penetration tests on networks, web applications, and systems to identify vulnerabilities and recommend strategic improvements.
• Develop and execute custom test cases, scenarios, and scripts to simulate real-world attack vectors.
• Collaborate with stakeholders to improve the organization's overall security and client relationships.
• Stay up-to-date with the latest cybersecurity threats, trends, and technologies.
• Provide technical guidance on security best practices and strategies for securing information systems.
• Assist in threat modeling, security architecture reviews, and the implementation of secure solutions.

Requirements:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience).
• Proven experience in penetration testing across various domains (network, web, mobile, cloud, etc.).
• Strong knowledge of penetration testing tools such as Nmap, Metasploit, Burp Suite, Wireshark, Nessus, Kali Linux, etc.
• Deep understanding of network protocols, operating systems (Windows, Linux), and application security.

Preferred Qualifications:

• CRT (CREST Registered Tester) certification is preferred.
• Other relevant certifications such as OSCP, OSWE, CPT, CEH, GPEN, or CISSP.
• Knowledge of cloud security testing in platforms like AWS, Azure, or Google Cloud.
• Familiarity with container security (e.g., Docker, Kubernetes) and DevSecOps practices.

Join to apply for the Security Testing Specialist role at OCBC .

Who We Are
As Singapore’s longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. We provide support, services, solutions, and career paths tailored to our clients’ needs.

Today, we’re on a journey of transformation, leveraging technology and creativity to become a future-ready learning organisation. Our strategic ambition is to be Asia’s leading financial services partner for a sustainable future.

We invite you to build the bank of the future, innovate in financial services, work in supportive teams, and build lasting value in your community. Enjoy a vibrant, future-ready career with us.

Your Opportunity Starts Here.

Why Join

Protecting our customers' assets and data is central to our mission. As a Security Testing Specialist, you'll play a key role in safeguarding our systems from cyber threats, shaping the future of cybersecurity in finance.

How you succeed

Stay ahead of emerging threats, collaborate with engineering teams to identify and mitigate risks, and develop strategies to enhance cybersecurity.

What you do

• Perform application penetration testing on web-based applications, APIs
• Conduct mobile application penetration testing across platforms
• Perform network penetration testing
• Exploit vulnerabilities to assess security risks
• Document security issues and recommend mitigations
• Research latest security topics and attack vectors
• Conduct compliance testing per standards like MAS TRMG
• Perform secure code reviews when needed
• Conduct thick client penetration testing as required

• Minimum 3 years of hands-on penetration testing experience
• Experience with secure code review
• Degree in computer science, security, or related field
• Knowledge of all aspects of information security
• Familiarity with MAS TRMG and regulatory requirements
• Strong communication skills, able to work independently and in teams
• Certifications from GIAC, Offensive Security, CREST
• Hands-on experience with Kali Linux, Burp Suite, Tenable, and similar tools
• Experience conducting penetration testing for banks in Singapore preferred
• Experience with legacy systems review is a plus

Select how often (in days) to receive an alert:

Seeking a highly skilled and motivated Senior Cyber Security Testing Specialist who is skilled in application and infrastructure penetration testing, vulnerability assessment and secure code review to conduct, guide and review the work of external and cross function team security testers. In this role, you will be responsible for assessing and enhancing the security posture of the organisation’s critical applications and infrastructure through comprehensive testing, vulnerability assessment, and penetration testing techniques. Your expertise will play a crucial role in identifying security vulnerabilities and recommending risk mitigation strategies to different senior stakeholders

Make An Impact By

• Coordinate and Oversee Penetration Testing & Vulnerability Assessment Engagements:
  • Manage and coordinate penetration testing and vulnerability assessment engagements with external vendors, ensuring effective communication and collaboration between internal stakeholders and vendors.
  • Work closely with Domain security champions to review and tailor the scope, rules of engagement, testing methodologies, and reporting for external penetration tests and vulnerability assessments.
  • Collaborate with cross-functional teams to provide guidance on Singtel's security standards, recommend best practices, and advise on effective remediation strategies.
  • Review penetration testing reports, prioritize identified vulnerabilities, and coordinate efforts to address them in a timely manner.
  • Track and report on the progress and outcomes of penetration testing and vulnerability assessments, ensuring that all findings are addressed appropriately.
• Maintenance of tools and Conduct Various Penetration Tests:
  • Perform different types of penetration testing (e.g., AI models, application, API, Infrastructure, etc.) following recognized methodologies, including OWASP and Singtel’s internal standards, utilizing both manual and automated testing methods, as needed.
  • Maintain and configure the tests required of automated testing tools to support black box and white box testing, and ensure alignment with latest industry test requirements e.g. OWASP, covering all forms of technologies e.g. Cloud Apps, On-prem Apps, COTS products, In-house developed Apps, AI models, APIs, OS, DB, VM, Network devices, etc.
  • Identify gaps in automated testing tools and propose new tooling required to augment testing program as needed
• Bug Bounty Program Management:
  • Oversee and manage the bug bounty program and associated platforms for identifying and addressing reported vulnerabilities.
  • Validate/ triage the reported vulnerabilities, assess their impact on Singtel’s systems, and collaborate with relevant stakeholders to prioritize and remediate the issues.
  • Track and report on findings and outcomes from the bug bounty program to ensure timely resolution.
  • Develop engaging programs to boost the visibility and popularity of Singtel's bug bounty program.
• Manage and conduct secure code reviews using scanning tools and techniques to identify security weaknesses in software code.
• Analyze the results from code scans and work closely with development teams to implement necessary security fixes.
• Assist in the creation and implementation of secure coding practices across the organization.
• Vulnerability Retesting and Documentation:
  • Retest security vulnerabilities arising from various sources e.g. Bug Bounty, Penetration testing, etc. after remediation and update reports with the latest results and outcomes.
  • Develop and maintain comprehensive documentation for all vulnerability assessments, secured code reviews and penetration tests, including detailed findings, methodologies, and recommendations for improvements etc.
• Stay Current with Security Trends and Threats:
  • Continuously monitor the latest security trends, emerging vulnerabilities, and attack techniques to ensure that security testing methodologies and tools remain up-to-date and effective.

Skills for Success:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Attained OSCP or CREST.
• At least 5 years of experience working in Cyber and Information security field
• Solid experience in application security testing, vulnerability assessment, secure code review and penetration testing.
• Proficiency in performing AI models, API and application security testing using manual techniques, as well as utilizing runtime vulnerability testing tools and/or code review tools.
• Strong understanding of OWASP Top 10, CWE/SANS Top 25, and other common vulnerability frameworks.
• Out of which, at least 3 years experience in delivering various AI model, API, application, infrastructure penetration testing, vulnerability assessment and secure code review.
• Proficiency in performing AI model, API and application security assessment using manual techniques.
• Proficient in using and managing various security tools and products like Fortify, AppScan, Webinspect, Burp Suite, Nessus, Guardrails AI, Giskard, Moonshot, Deepcheck, Evidently, Pyrit, Adversarial Robustness Toolbox (ART), PyRIT, etc.

Rewards that Go Beyond

• Full suite of health and wellness benefits
• Ongoing training and development programs
• Internal mobility opportunities

Are you ready to say hello to BIG Possibilities?

Take the leap with Singtel to unlock new opportunities and accelerate your growth. Apply now and start your empowering career!

Seeking a highly skilled and motivated Senior Cyber Security Testing Specialist who is skilled in application and infrastructure penetration testing, vulnerability assessment and secure code review to conduct, guide and review the work of external and cross function team security testers. In this role, you will be responsible for assessing and enhancing the security posture of the organisation’s critical applications and infrastructure through comprehensive testing, vulnerability assessment, and penetration testing techniques. Your expertise will play a crucial role in identifying security vulnerabilities and recommending risk mitigation strategies to different senior stakeholders.

Make An Impact By

• Coordinate and Oversee Penetration Testing & Vulnerability Assessment Engagements:
  • Manage and coordinate penetration testing and vulnerability assessment engagements with external vendors, ensuring effective communication and collaboration between internal stakeholders and vendors.
  • Work closely with Domain security champions to review and tailor the scope, rules of engagement, testing methodologies, and reporting for external penetration tests and vulnerability assessments.
  • Collaborate with cross-functional teams to provide guidance on Singtel's security standards, recommend best practices, and advise on effective remediation strategies.
  • Review penetration testing reports, prioritize identified vulnerabilities, and coordinate efforts to address them in a timely manner.
  • Track and report on the progress and outcomes of penetration testing and vulnerability assessments, ensuring that all findings are addressed appropriately.
• Maintenance of tools and Conduct Various Penetration Tests:
  • Perform different types of penetration testing (e.g., AI models, application, API, Infrastructure, etc.) following recognized methodologies, including OWASP and Singtel’s internal standards, utilizing both manual and automated testing methods, as needed.
  • Maintain and configure the tests required of automated testing tools to support black box and white box testing, and ensure alignment with latest industry test requirements e.g. OWASP, covering all forms of technologies e.g. Cloud Apps, On-prem Apps, COTS products, In-house developed Apps, AI models, APIs, OS, DB, VM, Network devices, etc.
  • Identify gaps in automated testing tools and propose new tooling required to augment testing program as needed.
• Bug Bounty Program Management:
  • Oversee and manage the bug bounty program and associated platforms for identifying and addressing reported vulnerabilities.
  • Validate/ triage the reported vulnerabilities, assess their impact on Singtel’s systems, and collaborate with relevant stakeholders to prioritize and remediate the issues.
  • Track and report on findings and outcomes from the bug bounty program to ensure timely resolution.
  • Develop engaging programs to boost the visibility and popularity of Singtel's bug bounty program.
• Manage and conduct secure code reviews using scanning tools and techniques to identify security weaknesses in software code.
• Analyze the results from code scans and work closely with development teams to implement necessary security fixes.
• Assist in the creation and implementation of secure coding practices across the organization.
• Vulnerability Retesting and Documentation:
  • Retest security vulnerabilities arising from various sources e.g. Bug Bounty, Penetration testing, etc. after remediation and update reports with the latest results and outcomes.
  • Develop and maintain comprehensive documentation for all vulnerability assessments, secured code reviews and penetration tests, including detailed findings, methodologies, and recommendations for improvements etc.
• Stay Current with Security Trends and Threats:
  • Continuously monitor the latest security trends, emerging vulnerabilities, and attack techniques to ensure that security testing methodologies and tools remain up-to-date and effective.

Skills for Success:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Attained OSCP or CREST.
• At least 5 years of experience working in Cyber and Information security field.
• Solid experience in application security testing, vulnerability assessment, secure code review and penetration testing.
• Proficiency in performing AI models, API and application security testing using manual techniques, as well as utilizing runtime vulnerability testing tools and/or code review tools.
• Strong understanding of OWASP Top 10, CWE/SANS Top 25, and other common vulnerability frameworks.
• Out of which, at least 3 years experience in delivering various AI model, API, application, infrastructure penetration testing, vulnerability assessment and secure code review.
• Proficiency in performing AI model, API and application security assessment using manual techniques.
• Proficient in using and managing various security tools and products like Fortify, AppScan, Webinspect, Burp Suite, Nessus, Guardrails AI, Giskard, Moonshot, Deepcheck, Evidently, Pyrit, Adversarial Robustness Toolbox (ART), PyRIT, etc.

Rewards that Go Beyond

• Full suite of health and wellness benefits.
• Ongoing training and development programs.
• Internal mobility opportunities.

Are you ready to say hello to BIG Possibilities?

Take the leap with Singtel to unlock new opportunities and accelerate your growth. Apply now and start your empowering career!

TikTok is the leading destination for short-form mobile video. At TikTok, our mission is to inspire creativity and bring joy. TikTok's global headquarters are in Los Angeles and Singapore, and we also have offices in New York City, London, Dublin, Paris, Berlin, Dubai, Jakarta, Seoul, and Tokyo.

Inspiring creativity is at the core of TikTok's mission. Our innovative product is built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and bring joy - a mission we work towards every day.

We strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. Every challenge is an opportunity to learn and innovate as one team. We're resilient and embrace challenges as they come. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our company, and our users. When we create and grow together, the possibilities are limitless. Join us.

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

• Career growth opportunity
• Flat organization
• 100+ mil users

Team introduction:
TikTok is seeking a highly adaptable and motivated Senior Analyst to bolster our data sovereignty controls testing program. As a key member of our Data Protection Solutions team, you will play a crucial role in ensuring the privacy and security of our regional data by executing on data sovereignty testing strategy and contributing to the improvement of technical controls across prioritized technology solutions.
You will collaborate closely with various teams, including Legal, Global Security, and Security Engineering, to help ensure continued compliance with data privacy regulations and the implementation of robust security measures, in all stages of solution development. This role reports to the Data Sovereignty Solutions Lead within PnS's Data Protection Solutions team.

Responsibilities:

• Stay up-to-date with evolving data sovereignty and regionalization requirements (e.g., GDPR, cross-border transfer requirements) and translate these requirements into discrete testing procedures, specific to applicable regions and controls
• Collaborate with engineers and product owners to assess systems in the design stage, providing a testing framework for short and long-term testing of applicable data sovereignty and regionalization controls, bespoke to their technologies
• After implementation, continue with ongoing testing of applicable data sovereignty and regionalization controls as products and systems expand or mature
• Where possible, develop automated testing mechanisms to reduce manual effort and increase program maturity in a sustainable manner

Minimum Qualifications:

• In-depth knowledge of data privacy regulations and standards, such as GDPR, CCPA, or other global data protection laws
• Strong understanding of:
  Cross-border data transfers
  Data security and data privacy concepts
  Penetration testing or red team exercises
  Data encryption, tokenization, masking, and redaction
• Strong critical thinking and technical analysis skills to apply to documentation review or testing design
• Demonstrate ability to quickly assimilate to new knowledge and remain current on new developments in data sovereignty, data regionalization and data privacy

Preferred Qualification:

• Bachelors’ Degree or industry equivalent work experience
• Minimum 5 years experience working in cybersecurity, security engineering, or privacy engineering
• Relevant certifications:
  CIPP/E
  CISSP
• Understanding of:
  Cloud security and architecture
  Privacy enhancing technologies
  System design and application development practices
  Common testing frameworks, such as the MITRE ATT&CK framework
• Strong communication skills to collaborate with cross-functional teams (both technical and non-technical), influence without authority, and persuade priorities, objectives, and controls to stakeholders
• Demonstrated ability to work effectively in environments of ambiguity and constant change

TikTok is the leading destination for short-form mobile video. At TikTok, our mission is to inspire creativity and bring joy. TikTok's global headquarters are in Los Angeles and Singapore, and we also have offices in New York City, London, Dublin, Paris, Berlin, Dubai, Jakarta, Seoul, and Tokyo.

Inspiring creativity is at the core of TikTok's mission. Our innovative product is built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and bring joy - a mission we work towards every day.

We strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. Every challenge is an opportunity to learn and innovate as one team. We're resilient and embrace challenges as they come. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our company, and our users. When we create and grow together, the possibilities are limitless. Join us.

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

• Career growth opportunity
• Flat organization
• 100+ mil users

Team introduction:
TikTok is seeking a highly adaptable and motivated Senior Analyst to bolster our data sovereignty controls testing program. As a key member of our Data Protection Solutions team, you will play a crucial role in ensuring the privacy and security of our regional data by executing on data sovereignty testing strategy and contributing to the improvement of technical controls across prioritized technology solutions.

You will collaborate closely with various teams, including Legal, Global Security, and Security Engineering, to help ensure continued compliance with data privacy regulations and the implementation of robust security measures, in all stages of solution development. This role reports to the Data Sovereignty Solutions Lead within PnS's Data Protection Solutions team.

Responsibilities:

• Stay up-to-date with evolving data sovereignty and regionalization requirements (e.g., GDPR, cross-border transfer requirements) and translate these requirements into discrete testing procedures, specific to applicable regions and controls
• Collaborate with engineers and product owners to assess systems in the design stage, providing a testing framework for short and long-term testing of applicable data sovereignty and regionalization controls, bespoke to their technologies
• After implementation, continue with ongoing testing of applicable data sovereignty and regionalization controls as products and systems expand or mature
• Where possible, develop automated testing mechanisms to reduce manual effort and increase program maturity in a sustainable manner

Minimum Qualifications:

• In-depth knowledge of data privacy regulations and standards, such as GDPR, CCPA, or other global data protection laws
• Strong understanding of:
  Cross-border data transfers
  Data security and data privacy concepts
  Penetration testing or red team exercises
  Data encryption, tokenization, masking, and redaction
• Strong critical thinking and technical analysis skills to apply to documentation review or testing design
• Demonstrate ability to quickly assimilate to new knowledge and remain current on new developments in data sovereignty, data regionalization and data privacy

Preferred Qualification:

• Bachelors’ Degree or industry equivalent work experience
• Minimum 5 years experience working in cybersecurity, security engineering, or privacy engineering
• Relevant certifications:
  CIPP/E
  CISSP
• Understanding of:
  Cloud security and architecture
  Privacy enhancing technologies
  System design and application development practices
  Common testing frameworks, such as the MITRE ATT&CK framework
• Strong communication skills to collaborate with cross-functional teams (both technical and non-technical), influence without authority, and persuade priorities, objectives, and controls to stakeholders
• Demonstrated ability to work effectively in environments of ambiguity and constant change