penetration tester

Overview

Offices	Petaling Jaya
Job-type	Full-Time
Job Category	IT - Software
Industries	IT
Salary	MYR 5,000 - 8,000 /Month

Who you'll be working for

• Stability & credibility – a well-established fintech and cybersecurity company with a strong regional track record. • Career growth & exposure – hands-on opportunities across technology, finance, and security with continuous learning. • Global mindset – collaboration with international teams and exposure to multi-market projects.

What requirements you'll need to be eligible

Required Technical Skills

• Strong hands-on experience in penetration testing / offensive security.

• Solid understanding of:

  • TCP/IP, DNS, HTTP/S, VPNs, firewalls

  • Windows & Linux operating systems

  • Active Directory attack techniques

• Proficiency with tools such as:

  • Burp Suite, Metasploit, Nmap, Nessus

  • SQLmap, Nikto, Gobuster, BloodHound

  • Kali Linux / Parrot OS

• Experience testing against OWASP Top 10 vulnerabilities.

• Basic scripting ability (Python, Bash, PowerShell preferred).

---

Nice to Have (Strong Advantage)

• Certifications: OSCP, OSCE, CRTO, CEH, GPEN, eWPT

• Experience in cloud security testing (AWS, Azure, GCP).

• Exposure to Red Teaming, Purple Teaming, or Threat Emulation.

• Prior experience working in consulting / MSSP / IT solutions environments.

---

Soft Skills & Mindset

• Strong analytical and problem-solving skills.

• Ability to work independently across multiple client engagements.

• Clear communication and report-writing skills.

• Ethical, detail-oriented, and responsible security mindset.

 

What you'll be doing on the job

Key Responsibilities

Penetration Testing & Offensive Security

• Conduct black-box, grey-box, and white-box penetration tests for client environments.

• Perform network, web application, API, and mobile application security testing.

• Execute internal and external infrastructure penetration tests, including Active Directory attacks.

• Identify, exploit, and validate vulnerabilities aligned with OWASP Top 10, SANS, and MITRE ATT&CK.

• Perform privilege escalation, lateral movement, and post-exploitation analysis where applicable.

Reporting & Client Engagement

• Produce clear, structured, and risk-based penetration testing reports.

• Translate technical findings into business-impact language for clients.

• Present findings, walkthroughs, and remediation advice to client technical teams.

• Support re-testing and validation after remediation.

Collaboration & Continuous Improvement

• Work with security architects and consultants on secure design recommendations.

• Stay current with emerging threats, attack techniques, and tools.

• Assist in developing testing methodologies, playbooks, and internal tooling.

Consultant Contact

Posted by:	Tashvinder Singh
Phone:	+60162521210
Email:	tashvinder.s@recruitfirst.co
Reg No:	HTTPS://ABOUT.RECRUITFIRST.CO/TASHVINDER.S