8 Security Assessments jobs in Singapore

About the Role

As a Penetration Testing Specialist, reporting to the Internal Audit function, you will play a critical role in evaluating the organization's cybersecurity posture by simulating real-world attacks and identifying vulnerabilities across systems, applications, and networks. Your work directly supports audit objectives by validating the effectiveness of security controls, ensuring regulatory compliance, and mitigating operational risks.

Key Responsibility

• Conduct comprehensive penetration tests on applications, databases, systems and networks to identify security vulnerabilities, and prepare a detail report on the findings.
• Propose measures to ensure that identified vulnerabilities are addressed.
• Work closely with IT, risk, and compliance teams to track remediation efforts and verify closure.
• Simulate cyber attacks to evaluate defensive measures and improve security posture.

Requirements

• Minimum 5 years of hands-on penetration testing experience for web applications, mobile applications, APIs, network, databases and load testing.
• Experience conducting secure code review.
• Degree in computer science/computer engineering/information security or equivalent.
• Working knowledge of all aspects of information security is essential.
• Familiarity with systems and operational architecture of large internet companies or online business models.
• Good communication (spoken and written) skills, able to work independently and as a team.
• Certifications from either GIAC/Offensive Security/CREST required.
• Hands on experience in Kali Linux, Burp, and other advanced penetration testing, and secure code review tools.
• Good to have: Basic Mandarin skills for simple verbal and written communication with Chinese partners.

渗透测试专家

关于职位

作为一名向内部审计部门汇报的渗透测试专家,您将在评估组织的网络安全态势方面发挥关键作用,通过模拟真实攻击并识别系统、应用程序和网络中的漏洞。您的工作将通过验证安全控制措施的有效性、确保合规性并降低运营风险,直接支持审计目标。

主要职责

• 对应用程序、数据库、系统和网络进行全面的渗透测试,以识别安全漏洞,并撰写详细的调查报告。
• 提出措施,确保已识别的漏洞得到解决。
• 与IT、风险和合规团队紧密合作,跟踪修复工作并验证漏洞已关闭。
• 模拟网络攻击,评估防御措施并提升安全态势。

职位要求

• 至少5年Web应用程序、移动应用程序、API、网络、数据库和负载测试的渗透测试经。
• 具备安全代码审查经验。
• 计算机科学/计算机工程/信息安全或同等学历。
• 具备信息安全各方面的工作知识。
• 熟悉大型互联网公司或在线商业模式的系统和运营架构。
• 良好的沟通能力,能够独立工作和团队合作。
• 需持有GIAC/Offensive Security/CREST认证。
• 具有 Kali Linux、Burp 和其他高级渗透测试及安全代码审查工具的实践经验。
• 加分项:具备基础中文能力,能够进行简单的口头和书面沟通。

We are seeking a highly motivated and skilled trainee to join our penetration testing team. As a Penetration Tester Trainee, you will be responsible for performing vulnerability assessments and penetration testing based on proven methodologies.

Key responsibilities include:

• Performing web application penetration testing, mobile application penetration testing, and network penetration testing.
• Conducting security hardening reviews of infrastructure, common operating systems, and servers.
• Participating in source code reviews.

Training and Mentorship

As a Penetration Tester Trainee, you will receive extensive training and mentorship to equip you with the necessary knowledge and skills. Our training program includes:

• Comprehensive training modules covering penetration testing methodologies, tools, and techniques.
• Hands-on exercises and labs to gain practical experience in identifying and exploiting vulnerabilities.
• Exposure to a variety of real-world scenarios and challenges to develop your problem-solving skills.
• Access to industry-standard penetration testing tools and platforms.
• Regular feedback and guidance from experienced penetration testers who will serve as mentors throughout your training period.
• Opportunities to shadow and assist senior penetration testers on client engagements.
• Continuous learning and professional development through workshops, conferences, and online resources.

Requirements

To be successful in this role, you must possess:

• A strong interest in cybersecurity and a passion for learning about penetration testing.
• A basic understanding of computer networks, operating systems, and web technologies.
• Familiarity with common penetration testing tools and techniques is a plus.
• Excellent problem-solving and analytical skills.
• Effective written and verbal communication skills.
• The ability to work both independently and collaboratively within a team.
• Demonstrated ability to handle confidential information with professionalism and integrity.

Qualifications

Candidate must possess at least a Diploma/Professional Degree in Computer Science/Information Technology or equivalent.

Overview
We are partnering with a boutique consultancy who has been expanding its team progressively in the past few years. The ideal candidate will have hands-on experience in vulnerability assessment and penetration testing (VAPT), and a strong foundation in offensive security practices. This role requires a proactive individual who can assess, identify, and exploit security vulnerabilities across network and web environments, and provide actionable remediation recommendations to strengthen clients’ security posture.
Responsibilities
Conduct network and web application vulnerability assessments and penetration tests (VAPT) to identify and validate security risks.
Prepare detailed reports outlining findings, risks, and practical remediation strategies.
Work closely with clients and internal teams to deliver effective security solutions.
Stay updated with emerging security threats, exploits, and industry best practices.
Support internal research and development to enhance service offerings.
Qualifications
Must be a Singapore Citizen.
Minimum 2 years of relevant hands-on security testing experiences.
Certifications (at least one required): OSCP / OSCP+ / CRT
Strong knowledge of network protocols, web application architecture, and common vulnerabilities (e.g., OWASP Top 10).
Familiarity with industry-standard tools (e.g., Burp Suite, Metasploit, Nmap, Nessus, etc.).
Strong analytical and problem-solving skills with attention to detail.
Excellent communication and report-writing skills.
Good to Have
Additional offensive security certifications (e.g., OSWE, OSEP, CRTO, CRTL).
Exposure to source code review, cloud penetration testing and mobile application testing.
Experience working with government or regulated industry clients.
Why Join Us?
Opportunity to work on challenging, real-world security engagements.
Professional growth through advanced projects and certifications.
Collaborative and knowledge-sharing environment.
#J-18808-Ljbffr

Overview
The Penetration Testing function will be responsible for planning and overseeing the delivery of testing and certification services, or designing and performing tests and check cases to determine if infrastructure components, systems and applications meet security standards for confidentiality, integrity, authentication, availability, authorisation and non-repudiation. The role translates requirements into test plans, writes and executes test scripts or code in line with standards and procedures to determine vulnerability from attacks. It certifies components and reports on testing outcomes, providing recommendations and managing stakeholder expectations while ensuring compliance with assessment and testing standards, processes and tools. The role may also develop the organisational security testing capability and support knowledge management.
Responsibilities
Operate a hands-on role involving penetration testing and vulnerability assessment of ICT systems (e.g., Web, Mobile, Thick Client, Network).
Plan and create penetration testing methods, scripts, and tests.
Carry out scoping activities to identify components requiring penetration testing.
Define test requirements and criteria for penetration testing.
Create reports and recommendations from findings, security issues and risk levels.
Advise on methods to fix or lower security risks to the Development Team.
Present findings, risks, and conclusions to stakeholders.
Automate penetration testing activities to save time and effort.
Mentor and train new joiners and junior resources on Penetration Testing activities.
Involve in security testing and tools procurement activities.
Contribute to Penetration Testing process improvement.
Requirements
5+ years of relevant experience including Penetration Testing on Web Applications, Mobile, Thick Client and Infrastructure applications.
Business risk awareness with strong reporting, writing, and client presentation skills. Consulting experience within a Professional Services organization.
Strong analytical skills and ability to work independently.
Responsible for delivery of project objectives; good sense of ownership.
Programming skills in at least one of: SAP, ABAP, .NET, Python, Ruby, Java or Regular expressions.
Experience in the healthcare industry is an advantage.
Must have OSCP or CREST-CRT certifications; additional certifications like OSCE or CISSP are a plus.
Good team player with excellent verbal and written communication skills.
#J-18808-Ljbffr

MINDEF

Permanent

Closing on 21 Sep 2025

What the role is

You will play a pivotal role in safeguarding Singapore's defence and security interests by conducting comprehensive Penetration Testing (PT), Vulnerability Assessments (VA), and Source Code Security Reviews on IT assets, including infrastructure, web applications, and military applications.

What you will be working on

• Conduct comprehensive Penetration Testing (PT), Vulnerability Assessments (VA), and Source Code Security Reviews on IT assets, including infrastructure, web applications, and military applications
• Develop tailored security assessment tools and scripts to enhance testing capabilities and address evolving threat vectors
• Document findings, conduct analysis, and prepare detailed technical reports, including executive summaries for various stakeholders
• Collaborate with security engineers, developers, and other stakeholders to provide actionable guidance on remediating identified security risks and vulnerabilities
• Provide expertise in the design and implementation of security controls across applications, infrastructure, and network systems
• Develop and deliver specialised training and awareness programs to elevate the cybersecurity capabilities of the SAF personnel, with opportunities for growth in leadership and knowledge-sharing in the military cybersecurity context
• Maintain up-to-date knowledge of emerging threats, security best practices, and industry-standard frameworks
  Challenge(s)
• Maintaining consistent quality under time pressure
• Quickly learning and troubleshooting various tools and platforms

What we are looking for

• Education in Information Security, Computer Science, IT or a related field
• Industry-recognised certifications such as CREST CRT, GPEN, or OSCP
• At least 1 year of hands-on experience in conducting PT and VA, with a strong preference for experience in military or government-focused penetration testing
• Experience conducting security assessments on application infrastructure, networks, and cloud-based systems
• Strong understanding of web application, infrastructure, and network security architecture
• Excellent communication and presentation skills, with a focus on conveying complex security findings to both technical and non-technical stakeholders
• Ability to work independently and collaboratively within cross-functional teams
• Highly analytical, self-driven, and committed to continuous learning and skill enhancement
• Proficiency in scripting languages, such as Python, PowerShell, JavaScript, VBScript, Ruby, or Perl
• Track record of identifying and disclosing vulnerabilities or recognition in Capture-The-Flag (CTF) competitions
• Proficiency with tools such as BurpSuite, Metasploit, Nexpose, Nessus, and other industry-standard penetration testing and vulnerability assessment tools
  Appointment will be commensurate with your experience.
  Only shortlisted candidates will be notified.

About MINDEF

The mission of MINDEF and the Singapore Armed Forces is to enhance Singapore's peace and security through deterrence and diplomacy, and should these fail, to secure a swift and decisive victory over the aggressor.
The Defence Executive Officer (DXO) scheme is the non-uniformed career scheme of MINDEF that offers myriad opportunities in various job functions, such as corporate communications, cyber security, data analytics and visualisation, defence policy, finance, HR, psychology, and more. Embodying the same level of commitment towards defence, DXOs work together with their military counterparts to contribute to MINDEF/SAF's mission and ensure Singapore's security and stability. United by this common cause, our lines of defence complement each other to secure the prosperity and progress of our nation.

About your application process

This job is closing on 21 Sep 2025.

If you do not hear from us within 4 weeks of the job ad closing date, we seek your understanding that it is likely that we are not moving forward with your application for this role. We thank you for your interest and would like to assure you that this does not affect your other job applications with the Public Service. We encourage you to explore and for other roles within MINDEF or the wider Public Service.

Military Security Department

Permanent

What the role is

You will be part of a team that conducts audits and evaluates risk-handling of MINDEF/ SAF'S information.

What you will be working on

You will be part of a team to formulate and review risk assessment frameworks and indicators; conduct security risk assessments of industries and qualify industries and facilities to handle classified information. You will also be mitigating risks to an acceptable level.

What we are looking for

You should have a tertiary education, be resourceful and possess good interpersonal and communication skills. Prior experience in security management/risk assessment would be advantageous.

About Military Security Department

The Military Security Department (MSD)'s core business is in Counter Intelligence and internal security for MINDEF/SAF. MSD was formed in 1975 to counter the threats of espionage, subversion and sabotage against MINDEF/SAF. It began with two main entities, namely the Counter Intelligence Branch (CIB) and Field Security Branch (FSB). Over the years, the department has continued to evolve and our roles expanded in tandem with the changing security environment. Today, our roles also include Counter Terrorism and Cyber Security.

About your application process

If you do not hear from us within 4 weeks of the job ad closing date, we seek your understanding that it is likely that we are not moving forward with your application for this role. We thank you for your interest and would like to assure you that this does not affect your other job applications with the Public Service. We encourage you to explore and for other roles within Military Security Department or the wider Public Service.