IT Security Consultant
Singapore, Singapore, Singapore
We are looking for experienced security professionals who can help our clients achieve a secured environment for their applications and web information. You must have strong experience in performing penetration testing and vulnerability management services for applications, network systems, operating systems and databases. Candidates should have experience with black box, grey box, and white box testing. Selected candidates will work on a whole-of-government platform that hosts close to 500 web applications.
Responsibilities
- Conduct security assessments such as penetration and vulnerability tests
- Keep up to date with the IT security industry, including awareness of new or revised security solutions, security standards, trends / best practices, offensive techniques and tools
- Perform Blackbox/Graybox testing of Web/Mobile/Thick client applications
- Perform Network Vulnerability Assessments and Penetration Testing
- Risk Evaluation of observed vulnerabilities based on common risk scoring techniques such as CVSS
- Knowledge-share with team on techniques and results
- Create detailed report of findings and recommendations after testing is complete and present to stakeholders
- Coordinate with developers/stakeholders on the findings for appropriate fixes
- Stay up-to-date in current tools, techniques, and vulnerabilities to incorporate into testing practices
Requirements
- Minimum 3 years' experience specifically in a Security Testing function
- Degree in Computer Science / IT Security or other related disciplines
- Should be OSCP or CREST CRT Certified
- Minimum 3 years' experience in Security Testing
- Should have an overall exposure and understanding of Application and Network Security testing
- Strong knowledge of the OWASP Top 10, OWASP Mobile Top 10, SANS Top 25. Detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, session management issues, Insecure Direct Object Reference, clickjacking, buffer overflows, etc.
- Experience in manual application penetration testing of web-based applications, thick-client applications, mobile applications, web services, APIs, etc.
- Experience in Source Code Review of applications
- Experience in manual mobile application penetration testing on platforms like Android, iOS, etc., for both client-side and server-side applications.
- Should have knowledge of Risk Rating Standards like DREAD, CVSS, etc.
- Experience in automated web application vulnerability scanners (e.g. WebInspect, Burp Suite Pro, etc.)
- Should have performed Black Box / Grey Box Application penetration testing.
- Good understanding of application protocols such as HTTP, SAML, OAuth, OpenID Connect, etc.
- Good understanding of network technologies and protocols such as NIPS, IDS, TLS/SSL, DLP, firewalls, WAF, DNS and other common technologies and protocols.
- Experience in performing Network Penetration Testing for both internal and external networks.
- Knowledge of the end-to-end flow of executing application and network penetration testing
- Should be able to work as an individual contributor or as a team player wherever required
By submitting your resume/CV, you consent and agree to allow the information provided to be used and processed by or on behalf of Xtremax Pte Ltd for purposes related to your registration of interest in current or future employment with us and for the processing of your application for employment.
You also represent to us that you have obtained the consent of your referees when you disclose to us their personal data for the purpose of conducting reference checks.
The personal data held by us relating to your application will be kept strictly confidential and in accordance with the PDPA. You may also refer to our Privacy Policy for more details here: https://www.xtremax.com/privacy-policy
We regret to inform you that should you not consent to providing the necessary data required for us to process your application, your application will be considered void.