
FIRMUS • Kuala Lumpur, Kuala Lumpur, Malaysia
Role & seniority
Stack/tools
Penetration testing, red teaming, application security (web, mobile), cloud.
Manual & automated testing methods; exploit publication a plus.
MITRE ATT&CK framework; standard security tooling; OSCP/CREST certifications.
Top 3 responsibilities
Plan, scope, and lead security assessment activities across networks, web/mobile apps, and cloud environments.
Conduct offensive security exercises (including Red Team) to simulate real threats and test defenses.
Document findings with clear, prioritized recommendations; communicate business risk to clients; perform QA reviews and ensure deliverables meet standards.
Must-have skills
3–5+ years hands-on pentesting, web/mobile app security, and red team experience.
Industry certifications (OSCP, CREST CRT or equivalent).
Proficiency in manual and automated testing; strong analytical ability; solid reporting and client-facing communication.
Understanding of exploitation techniques, attack methodologies (MITRE ATT&CK), and regulatory frameworks.
Project management and leadership capabilities; able to work Malaysia working hours.
Nice-to-haves
Experience publishing security exploits; advisory/strategic security counsel; familiarity with incident response and compliance objectives.
Cloud, CI/CD security, or advanced persistent threat simulation experience.
Location & work type
The Penetration Tester is a contract, remote-based role requiring an experienced and certified security practitioner capable of designing, executing, and managing comprehensive security assessments. This includes penetration testing, red teaming, and application security reviews to uncover critical vulnerabilities and assess organizational risk across diverse client environments.
Qualifications & Experience
Degree in Information Technology, Cybersecurity, or a related computer science field is preferred.
3-5+ years of hands-on experience in penetration testing, web and mobile application security, and managing red team exercises.
Strong proficiency in both manual and automated security testing methodologies and tools (experience in publishing security exploits is an added advantage).
Possession of industry-recognized certifications such as OSCP, CREST CRT, or equivalent is required.
Expert understanding of exploitation techniques, attack methodologies (e.g., MITRE ATT&CK), and vulnerability assessment tools.
Broad knowledge of core cybersecurity principles, defensive architectures, and relevant regulatory frameworks.
Strong analytical skills with meticulous attention to detail for vulnerability research, analysis, and reporting.
Demonstrated project management and leadership capabilities.
Applicants must be able to perform their duties following Malaysia working hours.