Title:  Penetration Tester (Cloud Applications)

We are seeking an experienced Penetration Tester (Cloud Applications) to join our team. The successful candidate will have expertise in cloud security, penetration testing, and vulnerability assessment. The role involves identifying and exploiting vulnerabilities in cloud-based systems, applications, and infrastructure to help our organization strengthen its cloud security posture.

Responsibilities:

• Conduct cloud penetration tests and vulnerability assessments to identify security weaknesses
• Design and implement custom exploits to test cloud security controls
• Analyze cloud security configurations and identify misconfigurations
• Develop and maintain cloud security testing tools and scripts
• Collaborate with development teams to implement secure coding practices
• Provide detailed reports and recommendations for remediation
• Stay up-to-date with emerging cloud security threats and technologies
• Conduct vulnerability assessment and penetration test on networks, web applications, mobile applications, wireless systems, clouds, IOT
• Perform host configuration review of OS, applications and networks
• Perform source code review 
• Perform security analysis on the vulnerabilities
• Prepare comprehensive reports with document findings 
• Deliver presentations to customers
• Keep abreast of new developments, emerging threats and vulnerabilities in cybersecurity practices and technologies. 

Requirements:

• 3+ years of experience in cloud security, penetration testing, or related field
• Strong understanding of cloud platforms (AWS, Azure, GCP)
• Experience with cloud security tools and technologies (e.g., CloudWatch, CloudTrail, IAM)
• Proficiency in programming languages (e.g., Python, Bash)
• Familiarity with vulnerability scanners and penetration testing frameworks (e.g., Nmap, Nessus, Metasploit)
• Possess one (or more) of the following Security certifications (would be an added advantage):

• Offensive Security Certified Professional (OSCP) certification
• CREST Registered Penetration Tester (CRT)
• GIAC Cloud Penetration Testing (GCPN)

• Candidates with 5 years or more experience will be considered for the Senior Consultant position who is able to lead projects
• Ability to collaborate with team members, executive tasks effectively and independently
• Strong analytical and problem-solving skills
• Possess good communication, interpersonal and reporting skills

Preferred Skillset:

• Experience with DevOps and continuous integration/continuous deployment (CI/CD) pipelines
• Knowledge of cloud security compliance frameworks (e.g., PCI-DSS, HIPAA)
• Familiarity with containerization (e.g., Docker) and serverless computing

Work location: Jurong East