297 Security Testing jobs in Singapore

Seeking a highly skilled and motivated Senior Cyber Security Testing Specialist who is skilled in application and infrastructure penetration testing, vulnerability assessment and secure code review to conduct, guide and review the work of external and cross function team security testers. In this role, you will be responsible for assessing and enhancing the security posture of the organisation’s critical applications and infrastructure through comprehensive testing, vulnerability assessment, and penetration testing techniques. Your expertise will play a crucial role in identifying security vulnerabilities and recommending risk mitigation strategies to different senior stakeholders.

Make An Impact By

• Coordinate and Oversee Penetration Testing & Vulnerability Assessment Engagements:
  • Manage and coordinate penetration testing and vulnerability assessment engagements with external vendors, ensuring effective communication and collaboration between internal stakeholders and vendors.
  • Work closely with Domain security champions to review and tailor the scope, rules of engagement, testing methodologies, and reporting for external penetration tests and vulnerability assessments.
  • Collaborate with cross-functional teams to provide guidance on Singtel's security standards, recommend best practices, and advise on effective remediation strategies.
  • Review penetration testing reports, prioritize identified vulnerabilities, and coordinate efforts to address them in a timely manner.
  • Track and report on the progress and outcomes of penetration testing and vulnerability assessments, ensuring that all findings are addressed appropriately.
• Maintenance of tools and Conduct Various Penetration Tests:
  • Perform different types of penetration testing (e.g., AI models, application, API, Infrastructure, etc.) following recognized methodologies, including OWASP and Singtel’s internal standards, utilizing both manual and automated testing methods, as needed.
  • Maintain and configure the tests required of automated testing tools to support black box and white box testing, and ensure alignment with latest industry test requirements e.g. OWASP, covering all forms of technologies e.g. Cloud Apps, On-prem Apps, COTS products, In-house developed Apps, AI models, APIs, OS, DB, VM, Network devices, etc.
  • Identify gaps in automated testing tools and propose new tooling required to augment testing program as needed.
• Bug Bounty Program Management:
  • Oversee and manage the bug bounty program and associated platforms for identifying and addressing reported vulnerabilities.
  • Validate/ triage the reported vulnerabilities, assess their impact on Singtel’s systems, and collaborate with relevant stakeholders to prioritize and remediate the issues.
  • Track and report on findings and outcomes from the bug bounty program to ensure timely resolution.
  • Develop engaging programs to boost the visibility and popularity of Singtel's bug bounty program.
• Manage and conduct secure code reviews using scanning tools and techniques to identify security weaknesses in software code.
• Analyze the results from code scans and work closely with development teams to implement necessary security fixes.
• Assist in the creation and implementation of secure coding practices across the organization.
• Vulnerability Retesting and Documentation:
  • Retest security vulnerabilities arising from various sources e.g. Bug Bounty, Penetration testing, etc. after remediation and update reports with the latest results and outcomes.
  • Develop and maintain comprehensive documentation for all vulnerability assessments, secured code reviews and penetration tests, including detailed findings, methodologies, and recommendations for improvements etc.
• Stay Current with Security Trends and Threats:
  • Continuously monitor the latest security trends, emerging vulnerabilities, and attack techniques to ensure that security testing methodologies and tools remain up-to-date and effective.

Skills for Success:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Attained OSCP or CREST.
• At least 5 years of experience working in Cyber and Information security field.
• Solid experience in application security testing, vulnerability assessment, secure code review and penetration testing.
• Proficiency in performing AI models, API and application security testing using manual techniques, as well as utilizing runtime vulnerability testing tools and/or code review tools.
• Strong understanding of OWASP Top 10, CWE/SANS Top 25, and other common vulnerability frameworks.
• Out of which, at least 3 years experience in delivering various AI model, API, application, infrastructure penetration testing, vulnerability assessment and secure code review.
• Proficiency in performing AI model, API and application security assessment using manual techniques.
• Proficient in using and managing various security tools and products like Fortify, AppScan, Webinspect, Burp Suite, Nessus, Guardrails AI, Giskard, Moonshot, Deepcheck, Evidently, Pyrit, Adversarial Robustness Toolbox (ART), PyRIT, etc.

Rewards that Go Beyond

• Full suite of health and wellness benefits.
• Ongoing training and development programs.
• Internal mobility opportunities.

Are you ready to say hello to BIG Possibilities?

Take the leap with Singtel to unlock new opportunities and accelerate your growth. Apply now and start your empowering career!

The Security Consultant delivers penetration testing & offensive security projects to ensure a successful

outcome that at least meets or exceeds the expectations of our clients.

• The customer recognises you as a subject matter expert and they have confidence in the comprehensiveness of the testing methodology and the accuracy of the results.
• The client has prepared the testing environment prior to the project start date so that the engagement is executed smoothly and without delay.
• Penetration testing projects are delivered efficiently and on schedule.
• The quality of the Penetration Testing Report by ensuring it has been peer reviewed and approved for release to the client.
• All client data is managed in strict accordance with Vantage Point Security data security and protection policies throughout the project.

Singapore

We are seeking an accomplished and proactive Senior Penetration Tester to lead our offensive security and penetration testing projects.

The successful candidate will possess extensive practical experience, hold multiple industry-recognised certifications, and demonstrate strong leadership qualities.

You will be expected to manage concurrent projects, mentor junior team members, and ensure that all engagements meet or exceed our clients’ expectations.

Technical Leadership:

• Act as the primary technical authority for both internal teams and client engagements.
• Provide strategic guidance and mentorship to ensure comprehensive coverage of testing scenarios.

Project Management:

• Collaborate with Project Managers to define project scope, develop detailed Statements of Work (SOW), and allocate testing resources.
• Oversee the scheduling and execution of penetration testing projects, ensuring milestones are met and delays minimised.

Penetration Testing:

• Conduct thorough manual and automated penetration tests across web applications, networks, infrastructure, IoT devices, mobile applications, thick clients and emerging technologies.
• Develop, update, and author new test cases to address evolving security threats and technological advancements.

Reporting and Communication:

• Document findings, vulnerabilities, and recommendations in detailed and accurate reports.
• Ensure all reports undergo peer review and receive appropriate approval before delivery to clients.
• Maintain clear and open communication channels with clients regarding testing methodologies, project progress, and remediation advice.

Compliance and Data Security:

• Manage client data in strict accordance with our data security and protection policies.
• Ensure that all engagements adhere to legal, regulatory, and industry-specific requirements.

Expertise Recognition:

Clients recognise you as a subject matter expert with confidence in the rigour and accuracy of our penetration testing approach.

Efficient Project Delivery:

Projects are delivered on schedule, with clearly defined scopes and communicated timelines.

High-Quality Reporting:

Penetration testing reports are comprehensive, thoroughly documented, and approved for client distribution.

Team Development:

Junior team members are well-prepared and continuously upskilled, contributing to a high-performing security team.

Essential Experience:

• A robust track record in delivering complex penetration testing and offensive security projects.
• Extensive hands-on experience in manual testing across diverse environments including web, network, IoT, and mobile platforms.

Certifications:

• Multiple relevant penetration testing certifications are required (e.g., CREST, OSCP, OSWE, GPEN, etc.).
• Maintaining current certifications and an ongoing commitment to professional development is essential.

Leadership and Multitasking:

• Demonstrated leadership skills with the ability to manage and mentor a diverse team.
• Proven ability to manage multiple projects simultaneously while ensuring attention to detail and quality.

Communication Skills:

• Excellent written and verbal communication skills in English, with the ability to clearly articulate complex technical information to non-technical stakeholders.

Please note that only candidates who meet the above criteria, particularly in terms of multiple industry-relevant certifications and extensive hands-on experience, will be considered for this role.

Applications from those who do not satisfy these essential requirements will not be reviewed.

• Occasional travel to client sites may be required.
• We offer a competitive salary and benefits package reflective of the seniority and expertise required for this role.

If you are a seasoned professional with a passion for offensive security and a proven track record in penetration testing leadership, we encourage you to apply.

The Associate Security Consultant attains CREST CRT certification, learns other security assurance skills and assists in delivering penetration testing & offensive security projects to ensure a successful outcome that at least meets or exceeds the expectations of our clients.

• Mentored to achieved CREST CRT certification within 4 months of joining Vantage Point.
• Complete the Associate Consultant training program to become competent with the use of penetration testing tools and techniques, including manual testing, automated application vulnerability scanning/testing tools and source code review techniques.
• Perform penetration testing projects as part of a team to ensure they are delivered efficiently and on schedule.
• All client data is managed in strict accordance with Vantage Point Security data security and protection policies throughout the project.

• Achieve CREST CRT certification within 4 months of joining Vantage Point.
• Complete the Associate Consultant training program comprising the learning of penetration testing tools and techniques, including manual testing, automated application vulnerability scanning/testing tools and source code review techniques.
• Support Senior Consultants and Security Consultants to perform manual penetration tests of websites, services, infrastructure, networks, IoT Devices, and mobile applications to discover and report exploitable vulnerabilities.
• Clearly document findings and recommendations.
• Help to provide an environment where everybody is continuing to learn and develop.
• Continuously learn and master new hacking methods in new and emerging technologies.

1 week ago Be among the first 25 applicants

Summary Of Role

Security Analyst is responsible for security monitoring and responding to alerts and events. The incumbent will be creating, tuning,

Summary Of Role

Security Analyst is responsible for security monitoring and responding to alerts and events. The incumbent will be creating, tuning,

compiling metrics of all security devices, along with documentation of processes and procedures. This role will require strong

analytical and collaboration skills, detailed working knowledge of current and emerging security technologies, as well as the ability

to correlate events to identify abnormal behaviour.

Responsibilities

• Monitor and advice on information security issues related to the systems and workflow to ensure the internal security controls are appropriate and operating as intended.
• Coordinate response to information security incidents.
• Develop and publish information security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
• Assist with data classification assessment and security audits and remediation plans.
• Collaborate with IT management to manage security vulnerabilities.
• Perform network penetration tests, vulnerability assessment scans and risk assessment reviews.
• Develop, coordinate and review server hardening for platforms used within the environment.
• Review of logs pertaining to security of various platforms, namely server events and logs, network logs.
• Create, conduct and maintain user security awareness.
• Conduct security research in keeping abreast of latest security policies.
• Perform other security related duties as assigned.
  
  

• Degree in Computer Science/Information Technology or equivalent
• At least 3 years’ experience in IT
• Basic technical knowledge in IT network infrastructure, server platforms (Unix, Windows platform) and desktops (OS X and Windows XP and above)
• Experience in using security tools (Security Endpoint solutions, HP ArcSight, QRadar, Rapid7 Nexpose, Tenable Nessus))
• Certified with one or more of the following: QISP, CISSP, Cybersecurity Nexus, CompTIA Security+

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries IT Services and IT Consulting

Referrals increase your chances of interviewing at ERP21 Pte Ltd by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Press Tab to Move to Skip to Content Link

Select how often (in days) to receive an alert:

Select how often (in days) to receive an alert:

NCS is a leading technology services firm that operates across the Asia Pacific region in over 20 cities, providing consulting, digital services, technology solutions, and more. We believe in harnessing the power of technology to achieve extraordinary things, creating lasting value and impact for our communities, partners, and people. Our diverse workforce of 13,000 has delivered large-scale, mission-critical, and multi-platform projects for governments and enterprises in Singapore and the APAC region.

As a Security Engineer, you'll play a crucial part in maintaining, monitoring, and enhancing our IT security infrastructure. You'll be at the forefront of incident response, patch management, and system integrity, ensuring our digital assets remain secure and operational

What will you do?

• Incident Management: Respond to managed security technologies’ fault alerts and/or customer escalation. This includes performing incident/problem escalation within SLA to internal technical teams or external product vendor until resolution.
• Troubleshooting: Provide support for security solutions, including troubleshooting product-specific technical issues within SLA and work with internal teams/external vendors to resolve technical issues.
• Patch Management: Plan and apply regular updates to mitigate vulnerabilities and maintain system compliance.
• Service and Change Requests: Respond to inbound Change Requests (CRs), Service Requests (SRs) or other queries within SLA.
• System Monitoring: Continuously monitor security systems and perform regular health checks and tasks to ensure operational effectiveness.
• Collaboration: Work closely with IT and cybersecurity teams for reporting and to enhance security measures into ongoing operations.
• Proactive Measures: Stay current with the latest cybersecurity trends and implement proactive measures to improve security posture.
• Compliance: Ensure adherence to security standards and develop / update comprehensive documentation and guides.

The ideal candidate should possess:

• Bachelor’s degree or diploma in Computer Science, Information Technology, Cybersecurity, or a related field.
• 1-5 years of experience in IT or cybersecurity roles.
• Knowledge in AWS cloud native security tools and services such as AWS IAM, Firewall/WAF, GuardDuty, KMS etc.
• Practical working expertise with one or more of the following technologies Firewall (i.e FortiGate, Checkpoint, Palo Alto), Cyberark, Carbon Black, Tenable, Tripwire, ExtraHop, Symantec, Splunk etc.
• Sound fundamental knowledge on IP networking (e.g. TCP/IP, routing, etc.) and Firewalls (e.g. Checkpoint, Fortigate, Palo Alto)
• Strong analytical and problem-solving skills.
• Excellent communication and teamwork abilities.

We are driven by our AEIOU beliefs—Adventure, Excellence, Integrity, Ownership, and Unity —and we seek individuals who embody these values in both their professional and personal lives. We are committed to our Impact: Valuing our clients, Growing our people, and Creating our future .

Together, we make the extraordinary happen .

Learn more about us at ncs.co and visit our LinkedIn career site.

Title: Security Engineer Location: Singapore
Type: Full-Time

About us:

Founded in 2013, GSR is a leading market-making and programmatic trading company in the exciting and fast-evolving world of cryptocurrency trading. With more than 200 employees in 5 countries, we provide billions of dollars of liquidity to cryptocurrency protocols and exchanges on a daily basis. We build long-term relationships with cryptocurrency communities and traditional investors by offering exceptional service, expertise and trading capabilities tailored to their specific needs.

GSR works with token issuers, traders, investors, miners, and more than 30 cryptocurrency exchanges around the world. In volatile markets we are a trusted partner to crypto native builders and to those exploring the industry for the first time.

Our team of veteran finance and technology executives from Goldman Sachs, Two Sigma, and Citadel, among others, has developed one of the world’s most robust trading platforms designed to navigate issues unique to the digital asset markets. We have continuously improved our technology throughout our history, allowing for our clients to scale and execute their strategies with the highest level of efficiency.

Working at GSR is an opportunity to be deeply embedded in every major sector of the cryptocurrency ecosystem.

About the role:

We are seeking an experienced Security Engineer to join our Security team. This is a fast-paced environment where you will play a pivotal role in enhancing and safeguarding GSR’s security infrastructure. You’ll be part of a small, agile team with broad responsibilities, balancing security operations with security tooling ownership and continuous improvement.

This role is ideal for someone passionate about cybersecurity, automation, and operational excellence. You will own and optimise security tooling, proactively improve detection and response, and collaborate across teams to embed security best practices into our technology and processes.

Experience in crypto or finance is not required; we prioritise technical skills, problem-solving abilities, and a proactive mindset. We have offices in London, New York, Singapore, Zug, and Málaga. Some travel may be required.

What You’ll Do

• Monitor, detect, and respond to security incidents using SIEM, EDR, network security, email security, and threat intelligence platforms.
• Optimise security tooling, ensuring effective configurations, alert fidelity, and minimal false positives.
• Perform attack surface monitoring, identifying and mitigating external risks before they can be exploited.
• Conduct threat hunting, log analysis, and forensic investigations to uncover potential threats.
• Support vulnerability management, track risks, and coordinate remediation efforts.
• Strengthen endpoint, network, and cloud security controls, ensuring robust protection across the organisation.
• Contribute to security policies, awareness initiatives, and compliance efforts (MAS, ISO27001, SOC2).
• Support security monitoring and investigations related to blockchain and digital assets.

What You’ll Bring

• Experience in security operations, incident response, and threat detection.
• Strong knowledge and experience in SIEMs, EDRs, network security, threat intelligence platforms and other security tools, (WebProxies, WAFs, Firewalls, Email Security platforms, etc.)
• Strong understanding of AWS, Docker, and Kubernetes, including security best practices for cloud and containerised environments.
• Strong understanding of various types of attacks and mitigation methods.
• Experience in dynamic and static malware analysis, sufficient to understand and interpret the results of automated analysis.
• Strong understanding of social engineering attacks. Email analysis.
• Proficiency in scripting to automate security processes.
• Hands-on experience optimising security tools to improve detection accuracy.
• Detection content development, tuning and improvement.
• Strong analytical, problem-solving, and communication skills.
• A proactive mindset, taking ownership of security challenges and continuously improving processes.

What we offer:

• A collaborative and transparent company culture founded on Integrity, Innovation, and Performance.
• Competitive salary with two discretionary bonus payments a year.
• Benefits such as healthcare, dental, vision, retirement planning, 30 days holiday, and free lunches when in the office.
• Regular town halls, team lunches, and social events.
• A corporate and social responsibility program, including charity fundraising matching and volunteer days.
• Access to training and support for professional certifications, with formal learning resources such as Udemy and INE to enhance continuous professional development.

GSR is proudly an Equal Employment Opportunity employer. We do not discriminate based upon any applicable legally protected characteristics such as race, religion, colour, country of origin, sexual orientation, gender, gender identity, gender expression, or age. We operate a meritocracy—all aspects of people engagement, from the decision to hire or promote to our performance management process, are based on business needs and individual merit.

Learn more about us at .

At Paradigm, we are changing the future of finance! By joining us at this early stage, you’ll be building cutting-edge, distributed financial service infrastructure that will reshape financial services across CeFi and DeFi markets.

About Paradigm

• Paradigm is a zero-fee, institutional liquidity network for derivatives traders across CeFi and DeFi.
• We provide unified access to multi-asset, multi-protocol liquidity on demand without compromising on execution preferences, costs, and immediacy.
• We’ve built the largest network of institutional counterparties in crypto, with over 1000 institutional clients trading over $10 B per month.
• We are a diverse, global team led by our organizational principles and united by our mission to bring on-demand liquidity for traders, anytime and anywhere, without compromises. We also strive to ship faster than anyone else in the industry!
• We are backed by the best traders and investors in the space, including Jump Capital, Genesis Trading, Dragonfly Capital, QCP Capital, Optiver US, IMC, GSR Markets, Akuna Capital, Fidelity Digital Assets CMT Digital, Goldentree Asset Management, Amber Group, OK Group, Bybit Fintech, and CoinShares.

The role

As a core member of our infrastructure team, you will build and maintain major features, through inception, design, implementation and launch, working closely with product and engineering disciplines across the company. You will spend the majority of your time on cross-functional self-contained feature teams focused on delivering value to the customer, while other projects will be more internally focused on integrations, scalability, and performance.

Responsibilities

• Own the site reliability process and systems from design and implementation to deployment and maintenance
• Educate the platform software engineering team on reliability best practices and collaborate to evolve the software engineering process to accommodate reliability principles
• Provide service outage escalation response alongside software engineers
• Manage multiple Kubernetes clusters across multiple environments and regions
• Manage and build core services and infrastructure across the entire engineering organization
• Help build an adaptable, high-velocity team
• Participate in on-call rotations to assist in resolving production incidents

Things that we believe are critical

• Expertise in Security and DevSecOps
• Strong compliance knowledge - SOC 2
• Expertise in site reliability engineering in a multi-datacenter production cloud environment with demanding up-time, real-time performance, and security requirements
• Experience adopting and employing open-source, home-grown, and commercial technology products as appropriate in support of the Infra Engineering mission
• Strong familiarity with AWS and Kubernetes
• Experience with leading teams and projects
• Comfort working with senior management to allocate and prioritize engineering energy in support of the Infra Engineering mission in a real-world resource-constrained environment
• Experience with cloud infrastructure and networking in a production context
• Experience building and/or using low-latency cross-region databases or high-volume trading applications
• Experience with HashiCorp tools (Vault, and Terraform)
• Experience with Kafka, Redis, and Postgres
• Experience with cloud providers beyond AWS (Azure, GCP, etc.)
• Expertise in cloud network security

This position is flexible on-site or hybrid position at our headquarters office in Singapore. We are able to provide financial and logistical support for work Visa procurement and relocation for Singapore, if applicable.

At Paradigm we're doing something different. Moving forward we ask all candidates to send in a video with their application, telling us why they want to be part of the team.
The video should be no longer than 1 minute and via a link to a streaming platform of your choice. (No files or download links will be accepted)

• Competitive Pay: Top-tier compensation in the industry.
• Generous PTO : Unlimited vacation.
• Full Benefits : Comprehensive packages tailored by country.
• Technology & Learning Allowances : 3,500 USD for your first-year setup, $,000 USD refresh every 2 years, plus 1,000 USD annually for learning and development.

Paradigm is an equal opportunity employer.

*

indicates a required field

First Name *

Last Name *

Email *

Phone *

Resume/CV *

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

Which country are you located in? *

Are you legally authorized to work in the country where you are located? * Select.

Will you now or in the future require sponsorship for employment visa status (e.g., H-1B visa status)? * Select.

Would you be open to relocation to Singapore, either now or in the future? * Select.

Do you have any history with Crypto? Either professional or personal? *

• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).
• 3+ years of experience in cybersecurity, information security, or related roles.
• Proficiency in network security, system hardening, and secure coding principles.
• Experience with security tools such as SIEM (e.g., Splunk, ELK) , firewalls , endpoint protection , and vulnerability scanners (e.g., Nessus, Qualys).
• Familiarity with cloud security (AWS, Azure, or GCP) and container security (e.g., Docker, Kubernetes).
• Knowledge of identity and access management (IAM), encryption standards, and authentication protocols.
• Experience with scripting or programming languages (e.g., Python, Bash, or PowerShell) for automation.
• Solid understanding of regulatory compliance standards and frameworks (e.g., NIST, CIS, OWASP, ISO 27001).