19 Security Assessment jobs in Singapore

Penetration Testing Specialist

$14000 Monthly KRIS INFOTECH PTE. LTD.

Posted 3 days ago

Job Description

Job Description:

  • Design and perform tests and check cases to determine if infrastructure components, systems and applications meet confidentiality, integrity, authentication, availability, authorisation, and non-repudiation standards.
  • Translate requirements into a test plan, write and execute test scripts or code in line with standards and procedures to determine vulnerability to attacks.
  • Certify infrastructure components, systems and applications that meet security standards.

Requirements:

  • Minimum total seven years’ work experience as Penetration Testing Specialist

Penetration Testing Specialist

$9000 Monthly KRIS INFOTECH PTE. LTD.

Posted 3 days ago

Job Description

Job Description:

  • Design and perform tests and check cases to determine if infrastructure components, systems and applications meet confidentiality, integrity, authentication, availability, authorisation, and non-repudiation standards.
  • Translate requirements into a test plan, write and execute test scripts or code in line with standards and procedures to determine vulnerability to attacks.
  • Certify infrastructure components, systems and applications that meet security standards.

Requirements:

  • Minimum total three years’ work experience as Penetration Testing Specialist

Security Consultant (Penetration Testing)

368242 $7500 Monthly VANTAGE POINT SECURITY PTE. LTD.

Posted 13 days ago

Job Description

Role Purpose:

The Security Consultant delivers penetration testing & offensive security projects to ensure a successful outcome that at least meets or exceeds the expectations of our clients.

Role Outcomes:
  • The customer recognises you as a subject matter expert and they have confidence in the comprehensiveness of the testing methodology and the accuracy of the results.
  • The client has prepared the testing environment prior to the project start date so that the engagement is executed smoothly and without delay.
  • Penetration testing projects are delivered efficiently and on schedule.
  • The quality of the Penetration Testing Report is assured by ensuring it has been peer reviewed and approved for release to the client.
  • All client data is managed in strict accordance with Vantage Point Security data security and protection policies throughout the project.

Senior Security Consultant (Penetration Testing)

368242 $9500 Monthly VANTAGE POINT SECURITY PTE. LTD.

Posted 13 days ago

Job Description

Location:

Singapore

Role Purpose:

We are seeking an accomplished and proactive Senior Penetration Tester to lead our offensive security and penetration testing projects.

The successful candidate will possess extensive practical experience, hold multiple industry-recognised certifications, and demonstrate strong leadership qualities.

You will be expected to manage concurrent projects, mentor junior team members, and ensure that all engagements meet or exceed our clients’ expectations.

Key Responsibilities:

Technical Leadership:

  • Act as the primary technical authority for both internal teams and client engagements.
  • Provide strategic guidance and mentorship to ensure comprehensive coverage of testing scenarios.

Project Management:

  • Collaborate with Project Managers to define project scope, develop detailed Statements of Work (SOW), and allocate testing resources.
  • Oversee the scheduling and execution of penetration testing projects, ensuring milestones are met and delays minimised.

Penetration Testing:

  • Conduct thorough manual and automated penetration tests across web applications, networks, infrastructure, IoT devices, mobile applications, thick clients and emerging technologies.
  • Develop, update, and author new test cases to address evolving security threats and technological advancements.

Reporting and Communication:

  • Document findings, vulnerabilities, and recommendations in detailed and accurate reports.
  • Ensure all reports undergo peer review and receive appropriate approval before delivery to clients.
  • Maintain clear and open communication channels with clients regarding testing methodologies, project progress, and remediation advice.

Compliance and Data Security:

  • Manage client data in strict accordance with our data security and protection policies.
  • Ensure that all engagements adhere to legal, regulatory, and industry-specific requirements.
Desired Outcomes:

Expertise Recognition:

Clients recognise you as a subject matter expert with confidence in the rigour and accuracy of our penetration testing approach.


Efficient Project Delivery:

Projects are delivered on schedule, with clearly defined scopes and communicated timelines.


High-Quality Reporting:

Penetration testing reports are comprehensive, thoroughly documented, and approved for client distribution.


Team Development:

Junior team members are well-prepared and continuously upskilled, contributing to a high-performing security team.

Qualifications and Experience:

Essential Experience:

  • A robust track record in delivering complex penetration testing and offensive security projects.
  • Extensive hands-on experience in manual testing across diverse environments including web, network, IoT, and mobile platforms.

Certifications:

  • Multiple relevant penetration testing certifications are required (e.g., CREST, OSCP, OSWE, GPEN, etc.).
  • Maintaining current certifications and an ongoing commitment to professional development is essential.

Leadership and Multitasking:

  • Demonstrated leadership skills with the ability to manage and mentor a diverse team.
  • Proven ability to manage multiple projects simultaneously while ensuring attention to detail and quality.

Communication Skills:

  • Excellent written and verbal communication skills in English, with the ability to clearly articulate complex technical information to non-technical stakeholders.
Important Application Note:

Please note that only candidates who meet the above criteria, particularly in terms of multiple industry-relevant certifications and extensive hands-on experience, will be considered for this role.

Applications from those who do not satisfy these essential requirements will not be reviewed.

Additional Information:
  • Occasional travel to client sites may be required.
  • We offer a competitive salary and benefits package reflective of the seniority and expertise required for this role.

If you are a seasoned professional with a passion for offensive security and a proven track record in penetration testing leadership, we encourage you to apply.


Associate Security Consultant (Penetration Testing)

368242 $5000 Monthly VANTAGE POINT SECURITY PTE. LTD.

Posted 13 days ago

Job Description

Role Purpose:

The Associate Security Consultant attains CREST CRT certification, learns other security assurance skills and assists in delivering penetration testing & offensive security projects to ensure a successful outcome that at least meets or exceeds the expectations of our clients.

Role Outcomes:
  • Mentored to achieve CREST CRT certification within 4 months of joining Vantage Point.
  • Complete the Associate Consultant training program to become competent with the use of penetration testing tools and techniques, including manual testing, automated application vulnerability scanning/testing tools and source code review techniques.
  • Perform penetration testing projects as part of a team to ensure they are delivered efficiently and on schedule.
  • All client data is managed in strict accordance with Vantage Point Security data security and protection policies throughout the project.
Role Responsibilities:
  • Achieve CREST CRT certification within 4 months of joining Vantage Point.
  • Complete the Associate Consultant training program comprising the learning of penetration testing tools and techniques, including manual testing, automated application vulnerability scanning/testing tools and source code review techniques.
  • Support Senior Consultants and Security Consultants to perform manual penetration tests of websites, services, infrastructure, networks, IoT Devices, and mobile applications to discover and report exploitable vulnerabilities.
  • Clearly document findings and recommendations.
  • Help to provide an environment where everybody is continuing to learn and develop.
  • Continuously learn and master new hacking methods in new and emerging technologies.



Associate/Senior Associate, Attack & Penetration Testing, Cybersecurity, Technology Consulting

Singapore, Singapore Ernst & Young Advisory Services Sdn Bhd

Posted today

Job Description

Location:

Other locations: Primary Location Only

Date: 7 Mar 2025

Requisition ID: 1534795

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

The opportunity

We are looking to hire motivated and driven penetration testers to join our team of cybersecurity professionals. As a cybersecurity professional in EY Singapore, you will have the chance to work in engagement teams serving our clients in providing independent assessments or implementation of cyber solutions. As EY Singapore is a member of the whole global EY network, you will be part of an international connected team of specialists helping our clients with their most complex cybersecurity needs and contributing toward their business resilience.

Your key responsibilities

You will be part of the Cybersecurity Attack & Penetration team at EY Singapore. This team provides technical cyber assessments that aim to help clients gain insight into and context on their cyber threats, and provides pragmatic recommendations to mitigate these threats. As a penetration tester in the Attack & Penetration team, your responsibilities include:

  • Perform cybersecurity threat modelling
  • Perform IT and OT network penetration testing
  • Perform IoT penetration testing
  • Perform red team assessments
  • Conduct social engineering exercises
  • Support in incident response

Through the technical assessments stated above, you will then advise clients on the security issues, including explanation on the technical details and how they can remediate the vulnerabilities in the processes and controls.

Skills and attributes for success
  • Communication – Demonstrate that you listen and understand before responding
  • Knowledgeable – Demonstrate deep technical capabilities and understanding of the client’s problems.
  • Curiosity – Be proactive, learn fast and seek to identify issues that others might miss.
  • Integrity – Conduct yourself as per EY’s values, and do not be afraid to admit mistakes.
  • Impact – Consistently deliver exceptional quality work that positively impacts the projects that you are on.
  • Teamwork – You seek to ensure that the team succeeds, rather than only yourself.

To qualify for the role you must have

  • A degree in Computer Science, Computer Engineering, Information Technology or equivalent
  • Industry-recognised penetration testing certifications such as, but not limited to:

a) Offensive Security Certified Professional (OSCP);

b) Offensive Security Web Expert (OSWE);

c) Offensive Security Certified Expert (OSCE);

d) Offensive Security Exploitation Expert (OSEE); and/or

e) Relevant certification from the Council of Registered Ethical Security Testers (CREST), such as CRT, CCT etc.

  • Candidates with at least 2 years of working experience as a penetration tester will be considered for the Senior Consultant positions.
  • Candidates with less than 2 years of working experience as a penetration tester will be considered for the Associate Consultant positions.
What we offer

EY offers a competitive remuneration package where you’ll be rewarded for your individual and team performance. We are committed to being an inclusive employer and are happy to consider flexible working arrangements. Plus, we offer:

  • Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
  • Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
  • Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
  • Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

The exceptional EY experience. It’s yours to build.

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.


IT Security Engineer (Endpoint Security, Audit, ISO 27001, Compliance, Governance & Risk)

$6500 Monthly EXASOFT PTE. LTD.

Posted 6 days ago

Job Description

Responsibilities

1. IT Security

  • Oversee the secure handling, diagnostics, maintenance, and upgrade of IT infrastructure, including servers, network devices (routers/switches), laptops, and mobile devices.
  • Enforce hardware security protocols such as BIOS/firmware integrity checks, full-disk encryption, asset tagging, and secure decommissioning and disposal.
  • Manage the hardware lifecycle: procurement, inventory tracking, asset audits, and end-of-life management to ensure compliance with internal governance standards.
  • Ensure infrastructure (both physical and virtual servers) meets enterprise-grade security and reliability requirements.

2. IT Compliance, Audit & Risk Management

  • Lead and support IT compliance activities, particularly around ISO 27001, IT asset management, data centre access controls, and endpoint governance.
  • Facilitate internal and external IT audits: prepare evidence, documentation, and ensure timely resolution of findings.
  • Conduct regular security risk assessments on hardware, systems, and access controls; identify vulnerabilities and recommend mitigation strategies.
  • Collaborate with GRC (Governance, Risk & Compliance) and security teams to align infrastructure practices with security frameworks and regulatory requirements.
  • Maintain and enhance hardware evaluation processes, automated compliance checks, and incident reporting procedures.

3. Endpoint Security & Audit Readiness

  • Deploy and manage endpoint protection tools (antivirus, encryption, patch management, DLP, MFA) across user and infrastructure devices.
  • Ensure all endpoints comply with security baselines, access policies, and audit requirements.
  • Monitor and report on endpoint compliance metrics, configuration drift, and non-compliance issues.
  • Support identity and access management (IAM), including provisioning, group policy configurations, directory services, and secure remote access.

4. Network & Data Centre Security Support

  • Provide technical support for secure LAN/WAN infrastructure and escalate advanced issues to global teams as needed.
  • Configure and maintain network and perimeter devices in compliance with segmentation and access control policies.
  • Support physical data centre operations: manage secure access, monitor environmental systems, maintain cabling, and ensure equipment integrity.
  • Contribute to physical security governance: enforce CCTV, badge access, and logging procedures in restricted zones.

Requirements

  • Bachelor’s degree in Computer Science, Information Security, IT, or related discipline.
  • 8+ years of experience in IT security, endpoint security, and hardware security.
  • At least 3 years of in-depth experience supporting ISO 27001, IT compliance audits, and governance frameworks.
  • Strong technical skills in server/network hardware diagnostics, BIOS and firmware security, and secure disposal processes.
  • Strong experience in data centre operations
  • Hands-on with Windows/Linux systems, endpoint protection suites, encryption technologies, and IAM tools.
  • Proficient in analysing system logs, identifying anomalies, and supporting incident response.
  • Experience with cloud infrastructure (e.g., Azure, AWS), ITSM tools (e.g., ServiceNow), and formal documentation practices.
  • Solid understanding of physical security standards, including power, cooling, access control, and surveillance in data centre environments.

Director, Information Security Risk & Compliance Lead, Group Asset Management - Business Technology

Singapore, Singapore United Overseas Bank Ltd.

Posted today

Job Description

Location:

Singapore (City Area), SG, 048624

Company: UOB Asset Management Ltd

About UOB

United Overseas Bank Limited (UOB) is a leading bank in Asia with a global network of more than 500 branches and offices in 19 countries and territories in Asia Pacific, Europe and North America. In Asia, we operate through our head office in Singapore and banking subsidiaries in China, Indonesia, Malaysia and Thailand, as well as branches and offices.

Our history spans more than 80 years. Over this time, we have been guided by our values – Honorable, Enterprising, United and Committed. This means we always strive to do what is right, build for the future, work as one team and pursue long-term success. It is how we work, consistently, be it towards the company, our colleagues or our customers.

About the Department

Established in 1986, UOB Asset Management (UOBAM) is a wholly owned subsidiary of United Overseas Bank. Headquartered in Singapore, UOBAM has grown extensively across Asia with local presence in Brunei, Indonesia, Japan, Malaysia, Taiwan, Thailand and Vietnam. Our network includes UOB Islamic Asset Management in Malaysia and a joint venture with China’s Ping An Trust to form Ping An Fund Management Company. We have also forged a strategic alliance with Wellington Management Singapore.

Our experienced team of more than 90 investment professionals conduct rigorous fundamental research within a proven investment framework to provide our clients with innovative investment solutions. The strength of our team lies in our commitment to investment excellence. Our performance has been recognised by the industry and we have garnered over 340 awards regionally since 1986.

Through our regional network, we offer global investment management expertise to individuals, institutions and corporations. Our comprehensive suite of products ranges from retail unit trusts and exchange-traded funds to customised portfolio management services for institutional clients. A leader in innovation, UOBAM offers a digital option to manage investments with UOBAM Invest robo-adviser, making investing simpler, smarter and safer.

UOBAM Technology provides software and system development, as well as information technology support services and banking operations.

We have centralized and standardized the technology components into Singapore, creating a global footprint which can be utilized for supporting our regional subsidiaries and the branches around the world. We operate and support 8 countries with this architecture to provide a secure and flexible Asset Management infrastructure.

Job Responsibilities

We are looking for an Information and Cyber Security Engineer. You will be a key member of the founding team, reporting to the Head of Information and Cyber Security and working closely with team leads in the transformation of the business. If you are passionate about technology and digital transformation for business and want to be in a team where your views matter and learning and collaboration are part of the culture, please reach out and we would love to talk to you!

  • Design, implement, and manage security solutions across on-premise and cloud environments (AWS, GCP, Azure) using cloud-native security tools and services.
  • Configure and maintain secure cloud architectures, identity and access management (IAM), security monitoring, and incident response automation.
  • Perform continuous security monitoring, log analysis, and threat detection using SIEM tools, endpoint security, and cloud security monitoring solutions.
  • Conduct security assessments, vulnerability scanning, penetration testing, and remediation activities to mitigate security risks.
  • Perform risk assessments for applications, infrastructure, and third-party services, ensuring compliance with frameworks such as CIS, NIST, PCI DSS, and SOC 2.
  • Investigate security incidents, analyze attack patterns, and lead response efforts to mitigate threats in real time.
  • Support compliance initiatives by ensuring security controls meet regulatory and internal requirements, including MAS guidelines.
  • Develop automation scripts and tools for security monitoring, threat intelligence integration, and policy enforcement.
  • Assist in delivering security training programs and promoting a security-first mindset across the organization.
  • Continuously research and implement security best practices, emerging threats, and new cybersecurity technologies.
Job Requirements
  • Excellent relationship-building, stakeholder management, communication, and influencing skills.
  • Experience managing senior business stakeholders.
  • Strong motivation and capability to drive initiatives and changes.
  • Proactive leadership and teamwork skills.
  • Relevant industry certifications (e.g., CISSP, CISM, CISA, CCSP).
  • Excellent analytical and problem-solving abilities.
  • Experience in team leadership, coaching, and mentoring.
  • Knowledge of industry standards such as ISO 27001, MAS TRM, NIST, CIS, PCI/DSS, and SOC 2.
  • Familiarity with security technologies such as firewalls, intrusion detection systems, and endpoint protection.
  • Experience with security operations centers (SOC) and setting up SOC models.
  • Strong program management background.
  • Product-specific certifications such as MCSE, CCNA Security.
  • Good knowledge of TCP/IP protocol.
  • Ability to handle sensitive information with confidentiality and integrity.
  • Experience in driving enterprise initiatives for E2E security posture analysis.
  • Ability to work with subsidiaries and understand regional security requirements.
Be a part of UOB Family

UOB is an equal opportunity employer. UOB does not discriminate on the basis of a candidate's age, race, gender, color, religion, sexual orientation, physical or mental disability, or other non-merit factors. All employment decisions at UOB are based on business needs, job requirements and qualifications. If you require any assistance or accommodations to be made for the recruitment process, please inform us when you submit your online application.


Insider Threat Lead, Security Governance and Compliance

Singapore, Singapore BYTEDANCE PTE. LTD.

Posted today

Job Description

About Us

Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok, Lemon8, CapCut and Pico as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content.

Why Join ByteDance

Inspiring creativity is at the core of ByteDance's mission. Our innovative products are built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and enrich life - a mission we work towards every day.

As ByteDancers, we strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our Company, and our users. When we create and grow together, the possibilities are limitless. Join us.

Diversity & Inclusion

ByteDance is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At ByteDance, our mission is to inspire creativity and enrich life. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

About the Team

The Internal Threat Management team is responsible for managing and mitigating information security risks posed within the organisation. To ensure that the company's risk management and governance strategies are up to date and aligned across the organisation, this team is responsible for regular industry benchmarking and working with stakeholders from cross-functional teams to perform regular risk assessments and align risk mitigation strategies. This team is also responsible for managing the optimization, operation, training, and data analysis of the internal threat platform and UEBA (User and Entity Behavior Analytics) and DLP (Data Loss Prevention) platforms within the company.

Responsibilities

1. Maintain a robust risk governance framework that supports internal threat management, ensuring it is aligned with the organization’s overall risk management and compliance strategies.

2. Establish and manage processes for risk assessment, control testing, and risk mitigation related to internal threats, ensuring that these processes are effective and aligned with industry best practices.

3. Develop and define key risk metrics to assess the effectiveness of internal threat detection and mitigation strategies.

4. Continuously monitor and analyze internal threat data, identifying emerging trends, patterns, and areas of concern related to insider threats.

5. Develop and deliver regular risk reports for senior management, providing insights on the status and effectiveness of internal threat programs, key risk indicators, and threat trends.

6. Work closely with internal stakeholders to ensure that policies and procedures are properly followed and that risk management processes are integrated across departments.

Minimum Qualifications

1. Bachelor's degree or above, with a preference for majors in Information Security, Computer Science, Information Technology, privacy, risk or a related field. Professional certifications such as CISSP, CISM, CRISC, or CGEIT are highly desirable.

2. Minimum of 5 years of work experience, with at least 3 years of team management experience and a preference for experience in risk management and insider threat program.

3. Strong experience in data analysis and the ability to extract insights from complex risk data to identify patterns and trends. Expertise in developing dashboards and reports that clearly communicate complex risk data to senior management and non-technical stakeholders.

4. Proficient in risk governance frameworks and best practices for internal threat management, including risk assessments, control testing, and compliance.

5. Solid understanding of insider threat risks, including data exfiltration, privilege abuse, policy violations, and insider fraud.

6. Strong communication skills, with the ability to translate complex risk-related information into clear, actionable insights for diverse audiences.

Preferred Qualifications

1. Familiarity with regulatory requirements related to data protection and internal threat management (e.g., GDPR, CCPA, HIPAA).

2. Experience with the design, implementation and operation of commercial or in-house UBA/UEBA solutions (e.g., Splunk, Exabeam) is highly desirable.

3. Experience with threat modeling methodologies (e.g., STRIDE, PASTA) to analyze and assess security threats within software applications, systems, and networks.


Insider Threat Lead, Security Governance and Compliance

Singapore, Singapore BYTEDANCE PTE. LTD.

Posted today

Job Viewed

Tap Again To Close

Job Description

About Us

Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok, Lemon8, CapCut and Pico as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content.

Why Join ByteDance

Inspiring creativity is at the core of ByteDance's mission. Our innovative products are built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and enrich life - a mission we work towards every day.

As ByteDancers, we strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our Company, and our users. When we create and grow together, the possibilities are limitless. Join us.

Diversity & Inclusion

ByteDance is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At ByteDance, our mission is to inspire creativity and enrich life. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

About the Team

The Internal Threat Management team is responsible for managing and mitigating information security risks posed within the organisation. To ensure that the company's risk management and governance strategies are up to date and aligned across the organisation, this team is responsible for regular industry benchmarking and working with stakeholders from cross-functional teams to perform regular risk assessments and align risk mitigation strategies. This team is also responsible for managing the optimization, operation, training, and data analysis of the internal threat platform and UEBA (User and Entity Behavior Analytics) and DLP (Data Loss Prevention) platforms within the company.

Responsibilities

1. Maintain a robust risk governance framework that supports internal threat management, ensuring it is aligned with the organization’s overall risk management and compliance strategies.

2. Establish and manage processes for risk assessment, control testing, and risk mitigation related to internal threats, ensuring that these processes are effective and aligned with industry best practices.

3. Develop and define key risk metrics to assess the effectiveness of internal threat detection and mitigation strategies.

4. Continuously monitor and analyze internal threat data, identifying emerging trends, patterns, and areas of concern related to insider threats.

5. Develop and deliver regular risk reports for senior management, providing insights on the status and effectiveness of internal threat programs, key risk indicators, and threat trends.

6. Work closely with internal stakeholders to ensure that policies and procedures are properly followed and that risk management processes are integrated across departments.

Minimum Qualifications

1. Bachelor's degree or above, with a preference for majors in Information Security, Computer Science, Information Technology, privacy, risk or a related field. Professional certifications such as CISSP, CISM, CRISC, or CGEIT are highly desirable.

2. Minimum of 5 years of work experience, with at least 3 years of team management experience and a preference for experience in risk management and insider threat programs.

3. Strong experience in data analysis and the ability to extract insights from complex risk data to identify patterns and trends. Expertise in developing dashboards and reports that clearly communicate complex risk data to senior management and non-technical stakeholders.

4. Proficient in risk governance frameworks and best practices for internal threat management, including risk assessments, control testing, and compliance.

5. Solid understanding of insider threat risks, including data exfiltration, privilege abuse, policy violations, and insider fraud.

6. Strong communication skills, with the ability to translate complex risk-related information into clear, actionable insights for diverse audiences.

Preferred Qualifications

1. Familiarity with regulatory requirements related to data protection and internal threat management (e.g., GDPR, CCPA, HIPAA).

2. Experience with the design, implementation and operation of commercial or in-house UBA/UEBA solutions (e.g., Splunk, Exabeam) is highly desirable.

3. Experience with threat modeling methodologies (e.g., STRIDE, PASTA) to analyze and assess security threats within software applications, systems, and networks.
