6 Security Assessments jobs in Singapore

Seeking Cybersecurity Experts

We are looking for experienced penetration testing professionals to join our team. As a penetration testing consultant, you will be responsible for executing technical security assessments.

The ideal candidate should have:

• Bachelor's degree in computer science, cybersecurity, or related field

Candidates with the following skills and qualifications will be viewed favorably:

• Credited with CVEs
• Participates in bug bounty programs
• Organizes or participates in CTFs
• Delivers technical research at security conferences

To succeed in this role, you should have:

• 3+ years of experience in penetration testing or a related field
• Knowledge of penetration testing methodologies, tools and frameworks
• Experience with network (wired and wireless) and application (web, mobile, thick) security testing

We offer competitive compensation and benefits packages.

Interested candidates should apply promptly.

About the Role

As a Penetration Testing Specialist, reporting to the Internal Audit function, you will play a critical role in evaluating the organization's cybersecurity posture by simulating real-world attacks and identifying vulnerabilities across systems, applications, and networks. Your work directly supports audit objectives by validating the effectiveness of security controls, ensuring regulatory compliance, and mitigating operational risks.

Key Responsibility

• Conduct comprehensive penetration tests on applications, databases, systems and networks to identify security vulnerabilities, and prepare a detail report on the findings.
• Propose measures to ensure that identified vulnerabilities are addressed.
• Work closely with IT, risk, and compliance teams to track remediation efforts and verify closure.
• Simulate cyber attacks to evaluate defensive measures and improve security posture.

Requirements

• Minimum 5 years of hands-on penetration testing experience for web applications, mobile applications, APIs, network, databases and load testing.
• Experience conducting secure code review.
• Degree in computer science/computer engineering/information security or equivalent.
• Working knowledge of all aspects of information security is essential.
• Familiarity with systems and operational architecture of large internet companies or online business models.
• Good communication (spoken and written) skills, able to work independently and as a team.
• Certifications from either GIAC/Offensive Security/CREST required.
• Hands on experience in Kali Linux, Burp, and other advanced penetration testing, and secure code review tools.
• Good to have: Basic Mandarin skills for simple verbal and written communication with Chinese partners.

渗透测试专家

关于职位

作为一名向内部审计部门汇报的渗透测试专家,您将在评估组织的网络安全态势方面发挥关键作用,通过模拟真实攻击并识别系统、应用程序和网络中的漏洞。您的工作将通过验证安全控制措施的有效性、确保合规性并降低运营风险,直接支持审计目标。

主要职责

• 对应用程序、数据库、系统和网络进行全面的渗透测试,以识别安全漏洞,并撰写详细的调查报告。
• 提出措施,确保已识别的漏洞得到解决。
• 与IT、风险和合规团队紧密合作,跟踪修复工作并验证漏洞已关闭。
• 模拟网络攻击,评估防御措施并提升安全态势。

职位要求

• 至少5年Web应用程序、移动应用程序、API、网络、数据库和负载测试的渗透测试经。
• 具备安全代码审查经验。
• 计算机科学/计算机工程/信息安全或同等学历。
• 具备信息安全各方面的工作知识。
• 熟悉大型互联网公司或在线商业模式的系统和运营架构。
• 良好的沟通能力,能够独立工作和团队合作。
• 需持有GIAC/Offensive Security/CREST认证。
• 具有 Kali Linux、Burp 和其他高级渗透测试及安全代码审查工具的实践经验。
• 加分项:具备基础中文能力,能够进行简单的口头和书面沟通。

About the Role

As a Penetration Testing Specialist, reporting to the Internal Audit function, you will play a critical role in evaluating the organization’s cybersecurity posture by simulating real-world attacks and identifying vulnerabilities across systems, applications, and networks. Your work directly supports audit objectives by validating the effectiveness of security controls, ensuring regulatory compliance, and mitigating operational risks.

Key Responsibility

• Conduct comprehensive penetration tests on applications, databases, systems and networks to identify security vulnerabilities, and prepare a detail report on the findings.
• Propose measures to ensure that identified vulnerabilities are addressed.
• Work closely with IT, risk, and compliance teams to track remediation efforts and verify closure.
• Simulate cyber attacks to evaluate defensive measures and improve security posture.

Requirements

• Minimum 5 years of hands-on penetration testing experience for web applications, mobile applications, APIs, network, databases and load testing.
• Experience conducting secure code review.
• Degree in computer science/computer engineering/information security or equivalent.
• Working knowledge of all aspects of information security is essential.
• Familiarity with systems and operational architecture of large internet companies or online business models.
• Good communication (spoken and written) skills, able to work independently and as a team.
• Certifications from either GIAC/Offensive Security/CREST required.
• Hands on experience in Kali Linux, Burp, and other advanced penetration testing, and secure code review tools.
• Good to have: Basic Mandarin skills for simple verbal and written communication with Chinese partners.

渗透测试专家

关于职位

作为一名向内部审计部门汇报的渗透测试专家，您将在评估组织的网络安全态势方面发挥关键作用，通过模拟真实攻击并识别系统、应用程序和网络中的漏洞。您的工作将通过验证安全控制措施的有效性、确保合规性并降低运营风险，直接支持审计目标。

主要职责

• 对应用程序、数据库、系统和网络进行全面的渗透测试，以识别安全漏洞，并撰写详细的调查报告。
• 提出措施，确保已识别的漏洞得到解决。
• 与IT、风险和合规团队紧密合作，跟踪修复工作并验证漏洞已关闭。
• 模拟网络攻击，评估防御措施并提升安全态势。

职位要求

• 至少5年Web应用程序、移动应用程序、API、网络、数据库和负载测试的渗透测试经。
• 具备安全代码审查经验。
• 计算机科学/计算机工程/信息安全或同等学历。
• 具备信息安全各方面的工作知识。
• 熟悉大型互联网公司或在线商业模式的系统和运营架构。
• 良好的沟通能力，能够独立工作和团队合作。
• 需持有GIAC/Offensive Security/CREST认证。
• 具有 Kali Linux、Burp 和其他高级渗透测试及安全代码审查工具的实践经验。
• 加分项：具备基础中文能力，能够进行简单的口头和书面沟通。

Penetration Test & Vulnerability Assessment Specialist
GovTech is the lead agency driving Singapore’s Smart Nation initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government’s capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity.
At GovTech, we offer you a purposeful career to make lives better where we empower our people to master their craft through robust learning and development opportunities all year round.
Play a part in Singapore’s vision to build a Smart Nation and embark on your meaningful journey to build tech for public good. Join us to advance our mission and shape your future with us today!
Learn more about GovTech at tech.gov.sg.
What you will be working on
Do you want to play a critical role in securing our smart nation initiatives by uncovering weaknesses in various domains of cybersecurity programs even before the real threat actors come to play? And are you up to race against the real threat actors before organisations are compromised?
We are seeking a cybersecurity specialist in penetration testing & vulnerability assessment to join our Cyber Security Group’s Red Team. You will be part of the team that helps to protect our government’s assets from cyber-attacks. In addition, you will also have the opportunities to be involved in assessing the cybersecurity aspects of new developments in our smart nation initiatives, and demonstrate ability to quickly assimilate to knowledge in new technologies. As part of this team, you will perform penetration testing and vulnerability assessment that span across infrastructure, web application, mobile application, source code security review, etc. This role will also involve you in carrying targeted Adversary Simulations.
What you will be working on
Conduct Penetration Testing (PT), Vulnerability Assessment (VA) and Source code security review on IT assets
Support in the documentation of findings, analysis, report preparation and presentation
Develop customised tools to conduct PT and VA
Support stakeholders such as security engineers and developers in providing guidance to remediate security risks from security testing and assessments
Support stakeholders such as security engineers and developers in providing guidance in design and security controls in application, infrastructure, network, etc.
Develop Application Security related awareness programme/training/courses to uplift application security capabilities and competencies of GovTech officers
Familiar with security principles, policies and industry best practices
What we are looking for
Degree in Information Security, Computer Science/Engineering, IT, or equivalent
Passionate in cybersecurity
Good understanding of web application, system and infrastructure architecture
Good communication & presentation skills
Collaborative and team player, self-motivated, creative and versatile
Added advantage if you possess the following:
Penetration testing-specific certifications such as GPEN, CREST, OSCP is an advantage
At least 1-year hands-on experience performing PT/VA
Familiar with scripting language, for example, Perl, Python, VBscript, Javascript or Powershell, Ruby
Public disclosure of vulnerabilities or relevant awards/participations from Capture-The-Flags (CTF) competitions
Experience using tools such as Nexpose/Nessus, BurpSuite, Metasploit, etc.
Experience in security risk assessments on application, infrastructure, network, etc.
GovTech is an equal opportunity employer committed to fostering an inclusive workplace that values diverse voices and perspectives, as we believe that diversity is the foundation to innovation.
Our employee benefits are based on a total rewards approach, offering a holistic and market-competitive suite of perks. These include leave benefits to meet your work-life needs and employee wellness programmes.
We champion flexible work arrangements (subject to your job role) and trust that you will manage your own time to deliver your best, wherever you are, and whatever works best for you.
Learn more about life inside GovTech at go.gov.sg/GovTechCareers.
Stay connected with us on social media at go.gov.sg/ConnectWithGovTech.
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Quality Assurance
Industries: IT Services and IT Consulting
Note: This description preserves the original job content while presenting it in a clean, accessible format.
#J-18808-Ljbffr