Coordinate penetration testing engagements with external vendors, including:
o Internal & External Penetration Testing
o Firewall Configuration Review
o Wireless Network Penetration Testing
o Intelligence-led Red Team Exercises
o Mobile & Web Application Security Testing
o Network Segmentation Validation
Define and document testing scopes in collaboration with vendors and internal teams.
Ensure testing activities comply with the company's security policies and regulatory guidelines.
2. Vulnerability Assessment & Risk Management
Review and analyze PTVA reports to identify security gaps.
Prioritize vulnerabilities based on severity and business impact.
Escalate findings to application owners and relevant stakeholders with clear remediation guidance.
Track remediation progress and ensure timely closure.
3. Security Compliance & Governance
Ensure alignment with cybersecurity standards and regulatory frameworks, including:
o Bank Negara Malaysia's RMiT Guidelines
o ISO/IEC 27001
o PCI DSS
o NIST Cybersecurity Framework
Maintain documentation of assessments, findings, and remediation actions for audit purposes.
Support the development and enhancement of internal security policies and procedures.
4. Stakeholder Engagement & Reporting
Collaborate with IT, application teams, and internal security functions to facilitate assessments and remediation.
Prepare technical and management-level reports on testing outcomes and risk posture.
Provide periodic updates and Key Risk Indicators (KRIs) to relevant stakeholders.
5. Continuous Security Improvement
Stay updated on emerging threats, vulnerabilities, and penetration testing techniques.
Recommend security improvements based on assessment trends and industry best practices.
Job Qualifications
At least 3 years of experience in Penetration and Vulnerability Assessment.
Solid understanding of penetration testing methodologies and frameworks (e.g., OWASP, PTES, NIST).
Ability to interpret testing results and provide actionable mitigation strategies.
Familiarity with regulatory compliance standards (ISO 27001, PCI DSS, RMiT).
Job Type: Contract
Benefits:
Maternity leave
Professional development
Application Question(s):
How many years of experience do you have working in VAPT?
What is your expected salary?
How long is your notice period? Please write in days.
Do you have experience in OWASP, PTES, NIST?
Work Location: In person