Vulnerability Assessor and Penetration Tester (Application Security)

Zeculity Consulting

  • Kuala Lumpur
  • Permanent
  • Full-time
  • 15 days ago
Role: Digital Security Consultant (Application Security / Secure Software Development Lifecycle / Security Posture Assessment) - Junior / Senior. This role will be placed at one of our clients in the telecommunication sector.

Location: Kuala Lumpur

  • Hybrid Work Environment based on values in Trustworthy, Empathy and Collaboration.
  • Adaptive Work Culture based on Shift-Left, Cause-Effect and Continuous Improvement mentality.
  • Polymaths or T-Shape Learning and Development culture.

Remuneration: Incremental Annual and Medical based on years of service, Transport Allowance, Marriage Leave, Maternity Leave (3 calendar months), Paternity Leave (7 days), Compassionate Leave, EPF, SOCSO, EIS, Insurance, Hospitalization and Medical Benefits

Responsibilities

  • Operate in a hands-on role involving vulnerability assessment and penetration testing of complex applications, systems, operating systems, networks and mobile applications / smart or IoT devices
  • Develop and maintain security testing plans
  • Develop meaningful metrics that reflect the true posture of the environment, allowing the client organization to make educated decisions based on risk
  • Produce actionable, threat-based reports on security testing results
  • Act as a source of direction, training, and guidance for less experienced staff
  • Mentor and coach other IT security consultants to provide guidance and expertise in their growth
  • Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation
  • Communicate security issues to a wide variety of internal and external 'customers', including technical teams, executives, risk groups, vendors and regulators
  • Deliver the penetration testing schedule and conduct awareness campaigns to ensure proper budgeting by business lines for annual tests
  • Foster and maintain relationships with key stakeholders and business partners
  • Conducting tests on applications: You must design tests to break into security-protected networks, computer or control systems, applications, and smart or IoT devices to look for vulnerabilities.
  • Conducting security audits: You will conduct security and network audits to evaluate how well an organization's system conforms to a set of established criteria. This will help to pinpoint ways that attackers or malicious actors could exploit weaknesses in security systems.
  • Analyzing security policies: Organizations enforce security policies that identify procedures and rules for accessing and using their IT resources. You need to analyze these policies for effectiveness, make suggestions for improvements and work to enhance methodological material.
  • Writing security assessment reports: After conducting your research and tests, you will have to document your findings, write security reports and discuss solutions with the management team and client.
  • Contribute to the enhancement or improvement of the existing Security Testing Framework, Guideline and Standard Operating Procedure.
  • Be involved in R&D on threat modeling, application security, vulnerability assessment, penetration testing, threat hunting, etc.

Qualifications

Mandatory:

  • Zero criminal records.
  • Uphold high ethics and information & data confidentiality.
  • Passionate about digital security.
  • Critical thinker and problem solver with sensible analytical skills.
  • Adaptable to change and good at teamwork.
  • Excellent organizational and time management skills.
  • Previous working experience as a Security Posture Assessment Specialist or Penetration Testing Specialist for up to 2 year(s).
  • Hands-on experience with testing frameworks such as PTES, OWASP or OSSTMM.
  • Certification from Offensive Security, EC-Council, CREST, ISACA, etc. (applicable for professionals with at least 2 years of work experience).
  • Bachelor's Degree in Cyber Security, Computer Information Systems, Management Information Systems, Computer Science, Software Engineering, Artificial Intelligence or a similar relevant field
  • In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Python, Java, Scala, C, C++, C#, Ruby, Perl, PowerShell, PHP, Rust).
  • Applicable knowledge of at least one OS such as Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen.
  • Applicable knowledge of at least one web technology such as web application server, API server, chatbot, blockchain.
  • Applicable knowledge of at least one mobile OS such as Android, iOS, Huawei OS.
  • Applicable work experience in a Secure Software Development environment or culture.

Optional:

  • Applicable knowledge of at least one industry standard for cyber security such as ISO 27001 / ISMS, PCI DSS, SWIFT CSCF, IEC 62443, NIST SP 800-series, NIST SSDF, MISRA, MITRE ATT&CK, OWASP ASVS, OWASP MASVS, OWASP Top Ten for Web, Mobile and IoT.
  • Applicable knowledge of at least one application security tool (SAST, DAST, SCA, RASP) such as Fortify, Checkmarx, Sonarqube, Sonatype, ContrastSecurity.
  • Applicable knowledge of at least one cloud technology such as AWS, Azure, Google Cloud Platform, Oracle Cloud, IBM Cloud, Alibaba Cloud, Huawei Cloud.
  • Applicable knowledge of Machine Learning Modeling such as Large Language Model (LLama2, Claude, OpenLLama, OpenAI) or Smaller Language Model (Orca, UL2R, Flan).
  • Applicable knowledge of at least one smart technology OS such as FreeRTOS, Google Wear OS, Apple Watch OS, Tizen OS, Fitbit OS, Garmin Watch OS, Zepp OS.
