Cybersecurity Testing Specialist, Leading Technology Group

We are currently partnering with a leading Technology Group to hire for a Cybersecurity Testing Specialist. As part of the central cybersecurity function, you will help drive a secure-by-design culture, shaping policies, frameworks, and hands-on practices that keeps platforms safe, resilient, and future-ready. In this role, you will work at the intersection of governance, engineering, and offensive security to uplift cybersecurity capabilities across a family of agencies.

Role

You are the subject matter expert for security testing and application security. You will define and refine enterprise standards for vulnerability assessment and penetration testing, establish operating procedures for working with security vendors, and maintain quality benchmarks for testing activities and reports. Beyond governance, you will lead advanced technical work such as red teaming, deep-dive penetration testing on high-impact systems, and adversary simulation based on current tactics, techniques and procedures. You will also champion secure software development by setting secure coding guidelines, driving adoption of SAST/SCA tools, and advising on DevSecOps integration within CI/CD pipelines. A key part of your mandate is to influence senior stakeholders, build communities of practice, and foster consistent, high-quality security practices across the enterprise.

Requirements

You have 8-10 years of deep, hands-on cybersecurity experience with a strong focus on offensive and application security, including penetration testing across web applications, on-premise and cloud infrastructure, and complex networks, complemented by proven expertise in manual and automated source code review and a solid grasp of secure SDLC, with the ability to work with languages such as Java, Python, .NET and JavaScript. You are proficient with enterprise security testing and code analysis tools (SAST, DAST, SCA, VAPT tools such as Checkmarx, Fortify, SonarQube, Snyk, Burp Suite) and familiar with cloud and DevOps environments like Jenkins, GitLab CI and GitHub Actions. You possess a strong understanding of adversary techniques (e.g. MITRE ATT&CK) and can communicate complex technical risks clearly to non-technical stakeholders, influencing outcomes even without direct authority; certifications such as OSCP, OSWE, CASE or GWEB are a plus. Singaporeans only.

To Apply

Interested candidates, please submit your resume to Grace Lim at [Confidential Information]. We regret to inform that only successful shortlisted candidates will be notified. License No: 16S8060 Registration no: R1988923