Penetration Tester (bateriku)

Shah Alam, M10, MY, Malaysia

Job Description

  • Perform source code security reviews (Java/.NET/Python/Node/Go/etc.) to find logic flaws, authentication/authorization bugs, injection risks, insecure deserialization, secrets in source, crypto misuse, and insecure third-party libraries.
  • Perform in-depth Node.js / JavaScript source-code reviews (Express, NestJS, Next.js, serverless functions) focusing on authentication/authorization logic, async/await pitfalls, prototype pollution, SSR/CSR vulnerabilities, insecure deserialization, insecure use of eval()/Function(), improper input validation, and unsafe third-party NPM packages.
  • Assess Node.js runtime and package-related risks (dependency chain vulnerabilities, unsafe native modules, environment variable/secret handling, npm/yarn lockfile issues), and recommend SCA/SBOM improvements.
  • Conduct server and OS hardening assessments, privilege escalation analysis, and persistence technique discovery.
  • Run authenticated and unauthenticated test scenarios; produce reproducible exploits or proof-of-concepts where safe and permitted.
  • Produce audit-grade deliverables: executive summary, technical findings, impact/risk ratings, CVSS mapping, step-by-step exploitation evidence, and prioritized remediation guidance suitable for PCI-DSS and ISO27001 audits.
  • Collaborate with developers and infra engineers to validate fixes and re-test remediations.
  • Design and maintain internal pentest methodologies, checklists and playbooks aligned to PCI-DSS (such as penetration testing requirements) and ISMS controls (Annex A).
  • Participate in threat modelling, secure code training, and vulnerability triage sessions.
  • Keep pentest tooling, scripts, and knowledge up to date; contribute to automation for repeatable testing (CI/CD scans, SCA, DAST, SAST pipelines).
  • When required, coordinate with Approved Scanning Vendors (ASVs), QSAs, or external auditors for compliance validation.

Job Types: Full-time, Permanent

Pay: Up to RM8,000.00 per month

Benefits:

  • Free parking
  • Health insurance
  • Maternity leave
  • Opportunities for promotion
  • Professional development

Work Location: In person

Beware of fraud agents! Do not pay money to get a job.

MNCJobz.com will not be responsible for any payment made to a third party. All Terms of Use are applicable.


Job Detail

  • Job Id
    JD1315002
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Shah Alam, M10, MY, Malaysia
  • Education
    Not mentioned