Application Security Tester

We're seeking an Application Security Tester to evaluate the security posture of web, cloud, and API applications, identify vulnerabilities and misconfigurations, perform penetration testing, and ensure compliance with secure coding standards. 

Key Responsibilities: 

Security Testing & Assessment

• Execute static (SAST), dynamic (DAST), interactive (IAST), and API security testing across diverse applications.
• Carry out manual penetration testing to identify business logic weaknesses, privilege escalation opportunities, and complex vulnerabilities not detected by automated tools.
• Discover, exploit, and validate vulnerabilities in alignment with industry standards such as OWASP Top 10, SANS CWE Top 25, and NIST.
• Interpret results from automated security scanners and collaborate with developers to ensure effective remediation.
• Provide expert input on secure coding practices, threat modeling, and risk mitigation strategies.

Reporting & Documentation

• Develop clear and actionable vulnerability reports that include risk ratings, exploitation details, and recommended controls.
• Monitor remediation progress and assist engineering teams with root‑cause analysis.
• Maintain comprehensive documentation of testing methodologies, standards, and frameworks to support consistency and compliance.

Requirements:

• Bachelor's degree in Computer Science, Information Security, or a related discipline.
• At least 3 years of professional experience in application security testing, including penetration testing and vulnerability assessment.
• Solid understanding of web application architecture, authentication, authorization, and data flow processes.
• Proficiency with security tools such as Burp Suite, OWASP ZAP, Postman, Nessus, Checkmarx, Veracode, Fortify, and SonarQube.
• Practical experience with scripting or automation using Python, Bash, PowerShell, or JavaScript.
• Familiarity with cloud‑native security (Azure) and API security testing.
• Strong grasp of secure coding standards and common vulnerability patterns.

Interested candidates may apply through the application system or send it to [HIDDEN TEXT]. Shortlisted candidates will be notified.

By sending us your personal data and curriculum vitae (CV), you are deemed to consent to Morgan Mckinley Pte Ltd and its affiliates to collect, use and disclose your personal data for the purposes set out in the Privacy Policy available at https://www.morganmckinley.com/sg/privacy-policy. You acknowledge that you have read, understood, and agree with the Privacy Policy.

Morgan McKinley Pte Ltd

Koh Boon Sien

EA Licence No: 11C5502

EA Registration No. R1110345