Penetration testing and security assessments

Job title: Penetration testing and security assessments

Company:


Job description:

Role Description

Required Qualifications and Skills:

Experience: 3-7 years in penetration testing and security assessments. Demonstrated experience across both application and infrastructure testing domains.

Certifications (preferred): OSCP, OSWE, OSEP, GPEN, GWAPT, or equivalent. Additional certifications (e.g., AWS Security Specialty, Azure Security Engineer) are a plus.

Technical Skills:
- Strong hands-on experience with tools like Burp Suite, OWASP ZAP, Metasploit, Nmap, Wireshark, MobSF, Nessus, Qualys, Nexpose, and firewall analyzers (e.g., AlgoSec, Tufin).
- Solid understanding of application security, network security, cloud security, and Active Directory architecture.
- Ability to perform manual testing beyond automated scanner results.

Soft Skills:
- Strong documentation and reporting abilities; excellent attention to detail.
- Effective communicator with both technical and non-technical stakeholders.
- Self-organized, able to juggle multiple projects and shifting priorities.
- Comfortable providing onsite support and direct client interaction.

Other Requirements:
- Willingness to travel within Malaysia for onsite activities (as required).
- Ability to work independently and as part of a distributed team.

Qualifications

2. Project Testers
- Deliver all testing (web, mobile, AD, infra, WiFi, cloud, firewall).
- Available for onsite presence in Malaysia.
- Handle reporting, documentation, retesting, and vulnerability tracking.
- Assist in scheduling, project updates, SLA tracking, and internal coordination.
- Require well-rounded technical skills across both application and infrastructure domains.

Key Responsibilities:

Technical Penetration Testing
- Perform in-depth manual and automated penetration tests on:
  - Web applications (including OWASP Top 10, business logic flaws)
  - Mobile applications (Android, iOS, Harmony)
  - Active Directory environments (privilege escalation, lateral movement)
  - Network infrastructure (routers, switches, firewalls, SSL VPNs)
  - WiFi networks (black-box, white-box testing)
  - Cloud infrastructure (AWS security groups, Azure firewalls, micro-segmentation)
- Identify, validate, and exploit vulnerabilities across systems, ensuring minimal false positives.

Infrastructure Security Assessment
- Conduct semi-annual reviews of router/switch/firewall configurations.
- Perform firewall rule base analysis, configuration hardening, and compliance reviews (PCI DSS, NIST, internal standards).
- Utilize firewall analyzer tools to model access paths, simulate threats, and assess cloud-native controls.

Project and Client Support
- Provide onsite support at customer locations as needed.
- Engage in change management processes, prepare CAB submissions, and attend project meetings.
- Coordinate with client stakeholders, application owners, and developers for clarification sessions.
- Ensure adherence to defined SLAs, reporting timelines, and project milestones.

Reporting and Documentation
- Prepare detailed technical reports, including:
  - Vulnerability descriptions, risk ratings, and remediation recommendations.
  - Step-by-step attack sequences with supporting screenshots.
  - Confirmatory retest documentation.
- Maintain accurate records of testing activities, exploitation attempts, and engagement outcomes.
- Collaborate with project leads to ensure report delivery within agreed timelines.

Knowledge Sharing and Continuous Learning
- Stay updated on emerging vulnerabilities, tools, and attack techniques.
- Contribute to internal knowledge bases and playbooks.
- Provide informal mentoring to less experienced testers.

Key Performance Metrics: Adherence to project timelines and SLA requirements. Quality and accuracy of penetration testing findings (zero false positives, no missed critical vulnerabilities). Client satisfaction during clarifications and onsite engagements. Completeness and clarity of reporting deliverables.

Expected salary:

Location: Kuala Lumpur

Job date: Fri, 23 May 2025 22:16:20 GMT
