30 Senior Penetration Testers jobs in Singapore

Manager (Penetration Test & Vulnerability Assessment)

Singapore, Singapore $90000 - $120000 Y Ministry of Defence Singapore

Posted today

Job Viewed

Tap Again To Close

Job Description

MINDEF

Permanent

Closing on 21 Sep 2025

What the role is

You will play a pivotal role in safeguarding Singapore's defence and security interests by conducting comprehensive Penetration Testing (PT), Vulnerability Assessments (VA), and Source Code Security Reviews on IT assets, including infrastructure, web applications, and military applications.

What you will be working on

  • Conduct comprehensive Penetration Testing (PT), Vulnerability Assessments (VA), and Source Code Security Reviews on IT assets, including infrastructure, web applications, and military applications
  • Develop tailored security assessment tools and scripts to enhance testing capabilities and address evolving threat vectors
  • Document findings, conduct analysis, and prepare detailed technical reports, including executive summaries for various stakeholders
  • Collaborate with security engineers, developers, and other stakeholders to provide actionable guidance on remediating identified security risks and vulnerabilities
  • Provide expertise in the design and implementation of security controls across applications, infrastructure, and network systems
  • Develop and deliver specialised training and awareness programs to elevate the cybersecurity capabilities of the SAF personnel, with opportunities for growth in leadership and knowledge-sharing in the military cybersecurity context
  • Maintain up-to-date knowledge of emerging threats, security best practices, and industry-standard frameworks
    Challenge(s)
  • Maintaining consistent quality under time pressure
  • Quickly learning and troubleshooting various tools and platforms

What we are looking for

  • Education in Information Security, Computer Science, IT or a related field
  • Industry-recognised certifications such as CREST CRT, GPEN, or OSCP
  • At least 1 year of hands-on experience in conducting PT and VA, with a strong preference for experience in military or government-focused penetration testing
  • Experience conducting security assessments on application infrastructure, networks, and cloud-based systems
  • Strong understanding of web application, infrastructure, and network security architecture
  • Excellent communication and presentation skills, with a focus on conveying complex security findings to both technical and non-technical stakeholders
  • Ability to work independently and collaboratively within cross-functional teams
  • Highly analytical, self-driven, and committed to continuous learning and skill enhancement
  • Proficiency in scripting languages, such as Python, PowerShell, JavaScript, VBScript, Ruby, or Perl
  • Track record of identifying and disclosing vulnerabilities or recognition in Capture-The-Flag (CTF) competitions
  • Proficiency with tools such as BurpSuite, Metasploit, Nexpose, Nessus, and other industry-standard penetration testing and vulnerability assessment tools
    Appointment will be commensurate with your experience.
    Only shortlisted candidates will be notified.

About MINDEF

The mission of MINDEF and the Singapore Armed Forces is to enhance Singapore's peace and security through deterrence and diplomacy, and should these fail, to secure a swift and decisive victory over the aggressor.
The Defence Executive Officer (DXO) scheme is the non-uniformed career scheme of MINDEF that offers myriad opportunities in various job functions, such as corporate communications, cyber security, data analytics and visualisation, defence policy, finance, HR, psychology, and more. Embodying the same level of commitment towards defence, DXOs work together with their military counterparts to contribute to MINDEF/SAF's mission and ensure Singapore's security and stability. United by this common cause, our lines of defence complement each other to secure the prosperity and progress of our nation.

About your application process

This job is closing on 21 Sep 2025.

If you do not hear from us within 4 weeks of the job ad closing date, we seek your understanding that it is likely that we are not moving forward with your application for this role. We thank you for your interest and would like to assure you that this does not affect your other job applications with the Public Service. We encourage you to explore and for other roles within MINDEF or the wider Public Service.

This advertiser has chosen not to accept applicants from your region.

Security Testing Specialist

Singapore, Singapore $90000 - $120000 Y OCBC (Singapore)

Posted today

Job Viewed

Tap Again To Close

Job Description

*WHO WE ARE: *

As Singapore's longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires.

Today, we're on a journey of transformation. Leveraging technology and creativity to become a future-ready learning organisation. But for all that change, our strategic ambition is consistently clear and bold, which is to be Asia's leading financial services partner for a sustainable future.

We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career.

Your Opportunity Starts Here.

Why Join

Protecting our customers' assets and data is at the heart of everything we do at OCBC. As a Security Testing Specialist, you'll play a critical role in safeguarding our systems and networks from cyber threats. You'll be part of a team that's shaping the future of cybersecurity in the financial industry.

How you succeed

To succeed in this role, you'll need to stay one step ahead of emerging threats. You'll work closely with our engineering teams to identify and mitigate risks, and develop strategies to protect our systems and data. You'll need to be proactive, collaborative, and always looking for ways to improve our cybersecurity posture.

What you do

  • Perform application penetration testing on web-based applications, APIs
  • Perform mobile application penetration testing across different mobile platforms
  • Perform network penetration testing on systems.
  • Exploit vulnerabilities to gain access and expand access to remote systems.
  • Document and explain the technical details of the security issues identified during security assessments and recommend mitigation controls for remediation.
  • Research cutting edge security topics and new attack vectors
  • Conduct compliance testing on web-based application, mobile applications and thick/thin-client application that meet predetermined Technology Security Standards and other regulatory requirements such as MAS TRMG.
  • Conduct secure code review when required
  • Perform thick client penetration testing when required

Who you are

  • Minimum 3 years of hands-on penetration testing experience for web applications, mobile applications, and APIs
  • Experience conducting Secure Code Review
  • Degree in computer science/computer engineering/information security or equivalent.
  • A working knowledge of all aspects of information security is essential.
  • Familiarity of MAS TRMG and other regulatory/industries requirements.
  • Good communication (spoken and written) skills, able to work independently and as a team
  • Certifications from either GIAC/Offensive Security/CREST required.
  • Hands on experience in using Kali Linux, tools such as Burp, Tenable and other penetration testing, and secure code review tools
  • Experience in conducting penetration testing for Banks in Singapore will be highly preferred
  • Experience in conducting code review for AS400 and legacy mainframe systems will be an advantage

Who we are

As Singapore's longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires.

Today, we're on a journey of transformation. Leveraging technology and creativity to become a future-ready learning organisation.

But for all that change, our strategic ambition is consistently clear and bold, which is to be Asia's leading financial services partner for a sustainable future.

We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career. Your Opportunity Starts Here.

What we offer

Competitive base salary. A suite of holistic, flexible benefits to suit every lifestyle. Community initiatives. Industry-leading learning and professional development opportunities. Equal opportunity. Fair employment. Selection based on ability and fit with our culture and values. Your wellbeing, growth and aspirations are every bit as cared for as the needs of our customers.

*What we offer: *

Competitive base salary. A suite of holistic, flexible benefits to suit every lifestyle. Community initiatives. Industry-leading learning and professional development opportunities. Your wellbeing, growth and aspirations are every bit as cared for as the needs of our customers.

This advertiser has chosen not to accept applicants from your region.

Penetration Tester

Singapore, Singapore LANTU EMPLOYMENT AGENCY PTE. LTD.

Posted today

Job Viewed

Tap Again To Close

Job Description

Job Summary:

We are seeking a highly skilled Penetration Tester to join our cybersecurity team. In this role, you will be responsible for performing advanced penetration tests on networks, web applications, and systems to identify vulnerabilities and recommend security improvements. The ideal candidate will have experience with various security frameworks, offensive security techniques, and the ability to work both independently and in a team. Holding a CRT (CREST Registered Tester)certification is preferred but not mandatory. You will collaborate with stakeholders to improve the security posture of the organization and its clients.

Key Responsibilities:
  • Perform in-depth penetration tests on a wide range of environments, including networks, web applications, mobile applications, and cloud infrastructure.
  • Identify and exploit vulnerabilities, and provide actionable remediation recommendations.
  • Develop and execute custom test cases, scenarios, and scripts to simulate attack vectors.
  • Create detailed reports that clearly communicate findings, risk levels, and suggested mitigation strategies to both technical and non-technical stakeholders.
  • Stay up-to-date with the latest cybersecurity threats, vulnerabilities, and technologies.
  • Collaborate with development, IT, and security teams to address identified security weaknesses and verify fixes.
  • Provide technical advice on security best practices and strategies for securing information systems.
  • Assist in threat modeling and security architecture reviews.
  • Support red team engagements and simulated attack scenarios.
  • Ensure testing methodologies are aligned with industry standards such as OWASP, NIST, CIS Controls, and MITRE ATT&CK framework.
  • Participate in security incident response when required, assisting in post-incident forensic investigations.
Requirements:
  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience).
  • Proven experience in penetration testing across various domains (network, web, mobile, cloud, etc.).
  • Strong knowledge of penetration testing tools such as Nmap, Metasploit, Burp Suite, Wireshark, Nessus, Kali Linux, etc.
  • Deep understanding of network protocols, operating systems (Windows, Linux), and application security.
  • Familiarity with security frameworks like CIS, NIST, and OWASP.
  • Experience in writing custom scripts to automate security testing (e.g., Python, Bash, PowerShell).
  • Ability to work both independently on projects and collaboratively in a team setting.
  • Strong problem-solving skills, with the ability to think critically and analytically.
  • Excellent communication skills, with the ability to present complex technical issues to non-technical stakeholders.
Preferred Qualifications:
  • CRT (CREST Registered Tester) certification is preferred.
  • Other relevant certifications such as OSCP, OSWE, CPT, CEH, GPEN, or CISSP.
  • Knowledge of cloud security testing in platforms like AWS, Azure, or Google Cloud.
  • Familiarity with container security (e.g., Docker, Kubernetes) and DevSecOps practices.
  • Understanding of social engineering techniques and their role in penetration testing.
  • Experience with advanced techniques such as exploit development and red teaming.
This advertiser has chosen not to accept applicants from your region.

Penetration Tester

Singapore, Singapore LANTU EMPLOYMENT AGENCY PTE. LTD.

Posted today

Job Viewed

Tap Again To Close

Job Description

Roles & Responsibilities

Job Summary:

We are seeking a highly skilled Penetration Tester to join our cybersecurity team. In this role, you will be responsible for performing advanced penetration tests on networks, web applications, and systems to identify vulnerabilities and recommend security improvements. The ideal candidate will have experience with various security frameworks, offensive security techniques, and the ability to work both independently and in a team. Holding a CRT (CREST Registered Tester)certification is preferred but not mandatory. You will collaborate with stakeholders to improve the security posture of the organization and its clients.

Key Responsibilities:

  • Perform in-depth penetration tests on a wide range of environments, including networks, web applications, mobile applications, and cloud infrastructure.
  • Identify and exploit vulnerabilities, and provide actionable remediation recommendations.
  • Develop and execute custom test cases, scenarios, and scripts to simulate attack vectors.
  • Create detailed reports that clearly communicate findings, risk levels, and suggested mitigation strategies to both technical and non-technical stakeholders.
  • Stay up-to-date with the latest cybersecurity threats, vulnerabilities, and technologies.
  • Collaborate with development, IT, and security teams to address identified security weaknesses and verify fixes.
  • Provide technical advice on security best practices and strategies for securing information systems.
  • Assist in threat modeling and security architecture reviews.
  • Support red team engagements and simulated attack scenarios.
  • Ensure testing methodologies are aligned with industry standards such as OWASP, NIST, CIS Controls, and MITRE ATT&CK framework.
  • Participate in security incident response when required, assisting in post-incident forensic investigations.

Requirements:

  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience).
  • Proven experience in penetration testing across various domains (network, web, mobile, cloud, etc.).
  • Strong knowledge of penetration testing tools such as Nmap, Metasploit, Burp Suite, Wireshark, Nessus, Kali Linux, etc.
  • Deep understanding of network protocols, operating systems (Windows, Linux), and application security.
  • Familiarity with security frameworks like CIS, NIST, and OWASP.
  • Experience in writing custom scripts to automate security testing (e.g., Python, Bash, PowerShell).
  • Ability to work both independently on projects and collaboratively in a team setting.
  • Strong problem-solving skills, with the ability to think critically and analytically.
  • Excellent communication skills, with the ability to present complex technical issues to non-technical stakeholders.

Preferred Qualifications:

  • CRT (CREST Registered Tester) certification is preferred.
  • Other relevant certifications such as OSCP, OSWE, CPT, CEH, GPEN, or CISSP.
  • Knowledge of cloud security testing in platforms like AWS, Azure, or Google Cloud.
  • Familiarity with container security (e.g., Docker, Kubernetes) and DevSecOps practices.
  • Understanding of social engineering techniques and their role in penetration testing.
  • Experience with advanced techniques such as exploit development and red teaming.
Tell employers what skills you have

Excellent Communication Skills
CEH
Remediation
Application Security
Vulnerability Scanning
Wireshark
Vulnerability Management
Information Technology
Penetration Testing
Python
Operating Systems
Windows
Mobile Applications
Docker
Web Applications
Threat & Vulnerability Management
Vulnerability Assessment
Linux
CISSP
Threat and Vulnerability Management
This advertiser has chosen not to accept applicants from your region.

PENETRATION TESTER

Singapore, Singapore YY SMART TECH PTE. LTD.

Posted today

Job Viewed

Tap Again To Close

Job Description

Roles & Responsibilities

Job Overview

We are seeking for a Penetration Tester with CAT1 Security Clearance to lead VAPT for Singapore government and critical infrastructure sectors. You will execute full-scope attacks (networks, apps, cloud, OT), bypass advanced defenses, and deliver actionable remediation strategies.

This role requires CREST/OSCP certification, deep exploit development skills, and experience with GovTech cybersecurity frameworks.

Core Responsibilities

Advanced Threat Emulation:

  1. CAT1-cleared engagements:
  2. Network: Breach segmented govt networks (e.g., air-gapped systems)
  3. Applications: Exploit web/mobile apps (SCADA interfaces, GovTech portals)
  4. Cloud: Attack AWS GovCloud/Azure Government environments
  5. OT: ICS/SCADA system penetration (Siemens, Rockwell)
  6. Develop custom malware/exploits (C++, Python) to evade EDR/XDR.

Red Team Operations:

  1. Lead multi-vector campaigns:
  2. Phishing (Evade Proofpoint/MS ATP)
  3. Physical security bypass (RFID cloning, access control spoofing)
  4. Wireless attacks (802.1X, WPA3-Enterprise)
  5. Document TTPs aligned with MITRE ATT&CK for ICS/Enterprise.

Govt Compliance & Reporting:

  1. Align tests with IM8, CSA Red Teaming Guidelines, and NIST SP 800-115.
  2. Deliver executive briefings to CISOs with exploit demos.
  3. Create remediation playbooks

Research & Development:

  1. Reverse engineer firmware (Binwalk, Ghidra) for 0-day discovery.
  2. Contribute to ASEAN CERT advisories (e.g., SingCERT).

Technical Requirements

Non-Negotiable Credentials:

  1. CAT1 Security Clearance
  2. Active Certifications: OSCP or CREST CRT/CCT (Inf/App)
  3. 2+ years in pentesting

Tool Proficiency

  1. Exploitation - Metasploit Pro, Cobalt Strike, Burp Suite Pro, PowerSploit
  2. Post-Exploit - BloodHound, Mimikatz, Impacket, Covenant C2
  3. Forensics - Volatility, Wireshark, CHIRP (ICS)
  4. Wireless - HackRF One, Proxmark3, Wi-Fi Pineapple
  5. Cloud - Pacu (AWS), MicroBurst (Azure), GCP IAM Exploit Toolkit

Preferred Qualifications

  1. Certifications: OSCE³, CREST CCT Gold, OSCP
  2. Govt Framework Experience: IM8 Penetration Test Guidelines, CSA Cyber Essentials
  3. Public Contributions: CVEs, exploit-db submissions, conference talks (Black Hat Asia, DEFCON)
Tell employers what skills you have

Security Clearance
Remediation
Wireshark
Exploitation
Physical Security
Wireless
Access Control
SCADA
Phishing
Gold
Penetration Testing
Python
Firmware
GCP
Burp Suite
This advertiser has chosen not to accept applicants from your region.

PENETRATION TESTER

Singapore, Singapore YY SMART TECH PTE. LTD.

Posted today

Job Viewed

Tap Again To Close

Job Description

Job Overview
We are seeking for a Penetration Tester with CAT1 Security Clearance to lead VAPT for Singapore government and critical infrastructure sectors. You will execute full-scope attacks (networks, apps, cloud, OT), bypass advanced defenses, and deliver actionable remediation strategies.
This role requires CREST/OSCP certification, deep exploit development skills, and experience with GovTech cybersecurity frameworks.
Core Responsibilities
Advanced Threat Emulation:
CAT1-cleared engagements:
Network: Breach segmented govt networks (e.g., air-gapped systems)
Applications: Exploit web/mobile apps (SCADA interfaces, GovTech portals)
Cloud: Attack AWS GovCloud/Azure Government environments
OT: ICS/SCADA system penetration (Siemens, Rockwell)
Develop custom malware/exploits (C++, Python) to evade EDR/XDR.
Red Team Operations:
Lead multi-vector campaigns:
Phishing (Evade Proofpoint/MS ATP)
Physical security bypass (RFID cloning, access control spoofing)
Wireless attacks (802.1X, WPA3-Enterprise)
Document TTPs aligned with MITRE ATT&CK for ICS/Enterprise.
Govt Compliance & Reporting:
Align tests with IM8, CSA Red Teaming Guidelines, and NIST SP 800-115.
Deliver executive briefings to CISOs with exploit demos.
Create remediation playbooks
Research & Development:
Reverse engineer firmware (Binwalk, Ghidra) for 0-day discovery.
Contribute to ASEAN CERT advisories (e.g., SingCERT).
Technical Requirements
Non-Negotiable Credentials:
CAT1 Security Clearance
Active Certifications: OSCP or CREST CRT/CCT (Inf/App)
2+ years in pentesting
Tool Proficiency
Exploitation - Metasploit Pro, Cobalt Strike, Burp Suite Pro, PowerSploit
Post-Exploit - BloodHound, Mimikatz, Impacket, Covenant C2
Forensics - Volatility, Wireshark, CHIRP (ICS)
Wireless - HackRF One, Proxmark3, Wi-Fi Pineapple
Cloud - Pacu (AWS), MicroBurst (Azure), GCP IAM Exploit Toolkit
Preferred Qualifications
Certifications: OSCE3, CREST CCT Gold, OSCP
Govt Framework Experience: IM8 Penetration Test Guidelines, CSA Cyber Essentials
Public Contributions: CVEs, exploit-db submissions, conference talks (Black Hat Asia, DEFCON)
#J-18808-Ljbffr

This advertiser has chosen not to accept applicants from your region.

Penetration Tester

608838 $8400 Monthly FORTIEDGE PTE. LTD.

Posted today

Job Viewed

Tap Again To Close

Job Description

Company: Fortiedge Pte. Ltd.

About Us: Fortiedge is a cybersecurity firm dedicated to protecting our clients' digital assets. We are committed to innovation, excellence, and providing top-notch services. Join our team and help us safeguard the future.

Job Description: We are seeking a skilled and motivated Penetration Tester to join our cybersecurity team. The ideal candidate will have a strong background in ethical hacking and a passion for identifying and mitigating security vulnerabilities. As a Penetration Tester, you will be responsible for conducting comprehensive security assessments, simulating cyber-attacks, and providing actionable recommendations to enhance our clients' security posture.

Key Responsibilities:

  • Conduct penetration testing on web/mobile applications, networks, and systems.
  • Conduct source code review.
  • Identify and exploit security vulnerabilities in various environments.
  • Develop and execute test plans, methodologies, and tools.
  • Document findings and provide detailed reports with remediation recommendations.
  • Stay up-to-date with the latest security trends, tools, and techniques.

Qualifications:

  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • Proven experience in penetration testing and ethical hacking.
  • Proficiency with penetration testing tools (e.g., Metasploit, Burp Suite, Nmap).
  • Strong understanding of network protocols, operating systems, and web technologies.
  • Relevant certifications (e.g., OSCP, CEH, CISSP) are highly desirable.
  • Excellent problem-solving skills and attention to detail.
  • Strong communication skills, both written and verbal.
  • Ability to work independently and as part of a team.

Benefits:

  • Competitive salary and performance-based bonuses.
  • Comprehensive health, dental, and vision insurance.
  • Professional development opportunities and certification reimbursements.
  • Flexible working hours and remote work options.
  • Collaborative and inclusive work environment.
This advertiser has chosen not to accept applicants from your region.
Be The First To Know

About the latest Senior penetration testers Jobs in Singapore !

Penetration Tester

$9000 Monthly LANTU EMPLOYMENT AGENCY PTE. LTD.

Posted 7 days ago

Job Viewed

Tap Again To Close

Job Description

Job Summary:


We are seeking a highly skilled Penetration Tester to join our cybersecurity team. In this role, you will be responsible for performing advanced penetration tests on networks, web applications, and systems to identify vulnerabilities and recommend security improvements. The ideal candidate will have experience with various security frameworks, offensive security techniques, and the ability to work both independently and in a team. Holding a CRT (CREST Registered Tester) certification is preferred but not mandatory. You will collaborate with stakeholders to improve the security posture of the organization and its clients.


Key Responsibilities:

  • Perform in-depth penetration tests on a wide range of environments, including networks, web applications, mobile applications, and cloud infrastructure.
  • Identify and exploit vulnerabilities, and provide actionable remediation recommendations.
  • Develop and execute custom test cases, scenarios, and scripts to simulate attack vectors.
  • Create detailed reports that clearly communicate findings, risk levels, and suggested mitigation strategies to both technical and non-technical stakeholders.
  • Stay up-to-date with the latest cybersecurity threats, vulnerabilities, and technologies.
  • Collaborate with development, IT, and security teams to address identified security weaknesses and verify fixes.
  • Provide technical advice on security best practices and strategies for securing information systems.
  • Assist in threat modeling and security architecture reviews.
  • Support red team engagements and simulated attack scenarios.
  • Ensure testing methodologies are aligned with industry standards such as OWASP , NIST , CIS Controls , and MITRE ATT&CK framework.
  • Participate in security incident response when required, assisting in post-incident forensic investigations.

Requirements:

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience).
  • Proven experience in penetration testing across various domains (network, web, mobile, cloud, etc.).
  • Strong knowledge of penetration testing tools such as Nmap , Metasploit , Burp Suite , Wireshark , Nessus , Kali Linux , etc.
  • Deep understanding of network protocols, operating systems (Windows, Linux), and application security.
  • Familiarity with security frameworks like CIS , NIST , and OWASP .
  • Experience in writing custom scripts to automate security testing (e.g., Python , Bash , PowerShell ).
  • Ability to work both independently on projects and collaboratively in a team setting.
  • Strong problem-solving skills, with the ability to think critically and analytically.
  • Excellent communication skills, with the ability to present complex technical issues to non-technical stakeholders.

Preferred Qualifications:

  • CRT (CREST Registered Tester) certification is preferred.
  • Other relevant certifications such as OSCP , OSWE , CPT , CEH , GPEN , or CISSP .
  • Knowledge of cloud security testing in platforms like AWS , Azure , or Google Cloud .
  • Familiarity with container security (e.g., Docker, Kubernetes) and DevSecOps practices.
  • Understanding of social engineering techniques and their role in penetration testing.
  • Experience with advanced techniques such as exploit development and red teaming.
This advertiser has chosen not to accept applicants from your region.

PENETRATION TESTER

409051 Paya Lebar Road, Singapore $7000 Monthly YY SMART TECH PTE. LTD.

Posted 9 days ago

Job Viewed

Tap Again To Close

Job Description

Job Overview


We are seeking for a Penetration Tester with CAT1 Security Clearance to lead VAPT for Singapore government and critical infrastructure sectors. You will execute full-scope attacks (networks, apps, cloud, OT), bypass advanced defenses, and deliver actionable remediation strategies.


This role requires CREST/OSCP certification, deep exploit development skills, and experience with GovTech cybersecurity frameworks.


Core Responsibilities


Advanced Threat Emulation:

  1. CAT1-cleared engagements:
  2. Network: Breach segmented govt networks (e.g., air-gapped systems)
  3. Applications: Exploit web/mobile apps (SCADA interfaces, GovTech portals)
  4. Cloud: Attack AWS GovCloud/Azure Government environments
  5. OT: ICS/SCADA system penetration (Siemens, Rockwell)
  6. Develop custom malware/exploits (C++, Python) to evade EDR/XDR.

Red Team Operations:

  1. Lead multi-vector campaigns:
  2. Phishing (Evade Proofpoint/MS ATP)
  3. Physical security bypass (RFID cloning, access control spoofing)
  4. Wireless attacks (802.1X, WPA3-Enterprise)
  5. Document TTPs aligned with MITRE ATT&CK for ICS/Enterprise.

Govt Compliance & Reporting:

  1. Align tests with IM8, CSA Red Teaming Guidelines, and NIST SP 800-115.
  2. Deliver executive briefings to CISOs with exploit demos.
  3. Create remediation playbooks

Research & Development:

  1. Reverse engineer firmware (Binwalk, Ghidra) for 0-day discovery.
  2. Contribute to ASEAN CERT advisories (e.g., SingCERT).

Technical Requirements


Non-Negotiable Credentials:

  1. CAT1 Security Clearance
  2. Active Certifications: OSCP or CREST CRT/CCT (Inf/App)
  3. 2+ years in pentesting

Tool Proficiency

  1. Exploitation - Metasploit Pro, Cobalt Strike, Burp Suite Pro, PowerSploit
  2. Post-Exploit - BloodHound, Mimikatz, Impacket, Covenant C2
  3. Forensics - Volatility, Wireshark, CHIRP (ICS)
  4. Wireless - HackRF One, Proxmark3, Wi-Fi Pineapple
  5. Cloud - Pacu (AWS), MicroBurst (Azure), GCP IAM Exploit Toolkit

Preferred Qualifications

  1. Certifications: OSCE³, CREST CCT Gold, OSCP
  2. Govt Framework Experience: IM8 Penetration Test Guidelines, CSA Cyber Essentials
  3. Public Contributions: CVEs, exploit-db submissions, conference talks (Black Hat Asia, DEFCON)
This advertiser has chosen not to accept applicants from your region.

Consultant - Penetration Tester

$104000 - $130878 Y DELOITTE SINGAPORE T&T CYBER PTE. LTD.

Posted today

Job Viewed

Tap Again To Close

Job Description

Identifies and mitigates cyber risks by assessing systems, networks, and applications for vulnerabilities. They simulate real-world attacks, document findings, and provide security improvement recommendations. Staying updated on cybersecurity trends, they collaborate with other professionals to develop comprehensive security strategies.

  • Conduct security assessments on systems, networks, and applications.
  • Simulate cyber attacks to identify system vulnerabilities.
  • Typical security testing activities include:
  • Software/Web Application/Web Services penetration testing
  • Network Penetration Testing
  • Mobile Application Penetration Testing
  • Thick Client Penetration Testing
  • Develop and execute penetration testing methodologies.
  • Prepare detailed reports on the findings of penetration tests.
  • Recommend and implement improvements to security policies.
  • Stay updated with the latest penetration testing tools and techniques.
  • Train staff on security awareness and procedures.
  • Collaborate with IT staff to improve system security.

Requirements:

  • Bachelor's degree in information security, information systems management, computer science, engineering, or other related discipline.
  • More than 2 years of experience in information technology, IT audits, or cyber security.
  • Proven experience as a Penetration Tester or similar role in cybersecurity.
  • Proficiency in using automated tools and manual testing techniques.
  • Strong understanding of common vulnerabilities and exploits.
  • Relevant certifications (e.g., CEH, OSCP, CREST) are strongly preferred.
  • Excellent problem-solving and analytical skills.
  • Must be able to work under pressure and produce content to tight timelines.
  • Ability to self-manage, prioritizing a variety of tasks.
This advertiser has chosen not to accept applicants from your region.

Nearby Locations

Other Jobs Near Me

Industry

  1. request_quote Accounting
  2. work Administrative
  3. eco Agriculture Forestry
  4. smart_toy AI & Emerging Technologies
  5. school Apprenticeships & Trainee
  6. apartment Architecture
  7. palette Arts & Entertainment
  8. directions_car Automotive
  9. flight_takeoff Aviation
  10. account_balance Banking & Finance
  11. local_florist Beauty & Wellness
  12. restaurant Catering
  13. volunteer_activism Charity & Voluntary
  14. science Chemical Engineering
  15. child_friendly Childcare
  16. foundation Civil Engineering
  17. clean_hands Cleaning & Sanitation
  18. diversity_3 Community & Social Care
  19. construction Construction
  20. brush Creative & Digital
  21. currency_bitcoin Crypto & Blockchain
  22. support_agent Customer Service & Helpdesk
  23. medical_services Dental
  24. medical_services Driving & Transport
  25. medical_services E Commerce & Social Media
  26. school Education & Teaching
  27. electrical_services Electrical Engineering
  28. bolt Energy
  29. local_mall Fmcg
  30. gavel Government & Non Profit
  31. emoji_events Graduate
  32. health_and_safety Healthcare
  33. beach_access Hospitality & Tourism
  34. groups Human Resources
  35. precision_manufacturing Industrial Engineering
  36. security Information Security
  37. handyman Installation & Maintenance
  38. policy Insurance
  39. code IT & Software
  40. gavel Legal
  41. sports_soccer Leisure & Sports
  42. inventory_2 Logistics & Warehousing
  43. supervisor_account Management
  44. supervisor_account Management Consultancy
  45. supervisor_account Manufacturing & Production
  46. campaign Marketing
  47. build Mechanical Engineering
  48. perm_media Media & PR
  49. local_hospital Medical
  50. local_hospital Military & Public Safety
  51. local_hospital Mining
  52. medical_services Nursing
  53. local_gas_station Oil & Gas
  54. biotech Pharmaceutical
  55. checklist_rtl Project Management
  56. shopping_bag Purchasing
  57. home_work Real Estate
  58. person_search Recruitment Consultancy
  59. store Retail
  60. point_of_sale Sales
  61. science Scientific Research & Development
  62. wifi Telecoms
  63. psychology Therapy
  64. pets Veterinary
View All Senior Penetration Testers Jobs