Role & seniority: Penetration Test and Vulnerability Assessment Expert (mid-level) within Cyber Protection Group

Stack/tools: Penetration testing tooling (BurpSuite, Metasploit, Nexpose, Nessus), scripting (Python, PowerShell, JavaScript, etc.), source code security review; familiarity with web infra, network, and cloud environments

Top 3 responsibilities

Perform PT, VA, and source code security reviews on IT assets (infrastructure, web apps, military apps)
Document findings, analyze results, and prepare detailed technical reports with executive summaries
Advise on remediation, design and implement security controls, and develop security training for SAF personnel

Must-have skills

Education in Information Security, CS, IT, or related field; minimum 1 year PT/VA hands-on experience (military/government focus preferred)
Industry certifications (CREST CRT, GPEN, or OSCP)
Strong web/app, infrastructure, and network security knowledge; excellent communication and cross-functional collaboration

Nice-to-haves

Proficiency in scripting languages (Python, PowerShell, JavaScript, etc.)
Track record in vulnerability disclosure or CTF recognition
Experience with security assessment tools and cloud-based environments
Location & work type: Location: Singapore; Work type: not specified in posting

Full Description

Open to Singapore Citizens Only Penetration Test and Vulnerability Assessment Expert - Cyber Protection Group

What You Will Do Conduct comprehensive Penetration Testing (PT), Vulnerability Assessments (VA), and Source Code Security Reviews on IT assets, including infrastructure, web applications, and military applications. Develop tailored security assessment tools and scripts to enhance testing capabilities and address evolving threat vectors. Document findings, conduct analysis, and prepare detailed technical reports, including executive summaries for various stakeholders. Collaborate with security engineers, developers, and other stakeholders to provide actionable guidance on remediating identified security risks and vulnerabilities. Provide expertise in the design and implementation of security controls across applications, infrastructure, and network systems. Develop and deliver specialized training and awareness programs to elevate the cybersecurity capabilities of the SAF personnel, with opportunities for growth in leadership and knowledge-sharing in the military cybersecurity context. Maintain up-to-date knowledge of emerging threats, security best practices, and industry-standard frameworks.

What You Will Bring Education in Information Security, Computer Science, IT, or a related field. Minimum of 1 year of hands-on experience in conducting PT and VA, with a strong preference for experience in military or government-focused penetration testing Industry-recognized certifications such as CREST CRT, GPEN, or OSCP Strong understanding of web application, infrastructure, and network security architecture. Excellent communication and presentation skills, with a focus on conveying complex security findings to both technical and non-technical stakeholders. Demonstrated ability to work independently and collaboratively within cross-functional teams. Highly analytical, self-driven, and committed to continuous learning and skill enhancement.

Good to Have Proficiency in scripting languages, such as Python, PowerShell, JavaScript, VBScript, Ruby, or Perl. Track record of identifying and disclosing vulnerabilities or recognition in Capture-The-Flag (CTF) competitions. Proficiency with tools such as BurpSuite, Metasploit, Nexpose, Nessus, and other industry-standard penetration testing and vulnerability assessment tools. Experience conducting security assessments on application infrastructure, networks, and cloud-based systems.

Join us in shaping the future of defence technology. Apply today! Show more Show less