
FIRMUS • Kuala Lumpur, Kuala Lumpur, Malaysia
Role & seniority: Penetration Testing Lead (technical leadership, senior practitioner)
Stack/tools: hands-on penetration testing across networks, web apps, mobile, and cloud; offensive security techniques; exploitation methods; vulnerability analysis tools; MITRE ATT&CK framework; report writing and QA processes
Design, scope, and lead security assessment engagements (networks, web, mobile, cloud)
Conduct advanced offensive testing (including Red Team exercises) and oversee post-engagement analysis with prioritized recommendations
Coordinate with clients, ensure deliverables’ quality (QA) and provide strategic security advisement
5+ years of hands-on penetration testing, web/mobile app security, and Red Team experience
Expert knowledge of exploitation techniques, attack methodologies, and vulnerability analysis tools
Strong analytical ability, attention to detail, and excellent written/spoken communication
Certifications such as OSCP, CREST CRT (or equivalent)
Familiarity with regulatory frameworks and broader defensive architectures
Experience mentoring junior consultants and delivering client-facing strategic guidance
Location & work type: on-site, full-time, WP Kuala Lumpur, Malaysia
The Penetration Tester will serve as the Penetration Testing Lead, a technical leadership role responsible for steering and executing advanced offensive security engagements. This role requires a security practitioner capable of designing, managing, and delivering comprehensive security assessments, including penetration testing, red teaming, and application security reviews, to identify critical vulnerabilities and assess organizational risk across diverse client environments.
Key Responsibilities
Technical Leadership & Execution
Design and Scope Engagements: Plan, scope, and lead security assessment activities targeting network infrastructure, web applications, mobile platforms, and cloud environments.
Advanced Testing: Conduct offensive security exercises, including Red Team exercises, to simulate real-world threats and test defensive capabilities.
Post-Engagement Analysis: Oversee the thorough documentation of findings, providing clear, actionable, and prioritized recommendations to mitigate identified risks.
Consulting & Reporting
Client Collaboration: Work directly with clients to understand their security objectives, define testing parameters, and clearly communicate the technical findings and associated business risk.
Quality Assurance (QA): Serve as a technical QA reviewer for reports and deliverables produced by junior consultants, ensuring accuracy, clarity, and adherence to industry best practices.
Strategic Advisement: Provide strategic counsel to clients on enhancing their overall security posture, incident response capabilities, and adherence to relevant compliance standards.
Team Mentorship & Growth
Mentorship: Mentor and train junior consultants, fostering the development of technical skills in penetration testing methodologies, application security, and report writing.
Qualifications & Experience
Essential Technical Expertise
Proven Expertise: 5+ years of demonstrable experience in hands-on penetration testing, web and mobile application security, and managing Red Team exercises.
Offensive Security Skills: Expert knowledge of common exploitation techniques, attack methodologies (e.g., MITRE ATT&CK), and vulnerability analysis tools.
Foundational Knowledge: Broad and deep understanding of core Cybersecurity principles, defensive architectures, and regulatory frameworks.
Educational & Professional Requirements
Certifications: Possession of industry-leading certifications such as OSCP, CREST CRT or equivalent is highly advantageous.
Analytical Skills: Exceptional analytical ability and meticulous attention to detail required for complex vulnerability research and reporting.
Soft Skills & Work Environment
Communication: Excellent verbal and written communication skills, with the ability to articulate complex technical concepts to both technical and executive audiences.
Team Collaboration: Demonstrated ability to lead projects, work effectively on-site, and collaborate seamlessly with cross-functional internal and client teams.
Location: Commitment to working full-time on-site in WP Kuala Lumpur.