- Conduct comprehensive application security testing including SAST, DAST, IAST, and API security testing.
- Perform in-depth manual penetration testing to uncover complex vulnerabilities such as business logic flaws, privilege escalation paths, and chained attack scenarios.
- Identify, validate, and responsibly exploit vulnerabilities aligned to industry frameworks such as OWASP Top 10, SANS CWE Top 25, and NIST standards.
- Analyze and triage findings from automated security tools, distinguishing false positives and prioritizing critical risks.
- Collaborate with developers to provide remediation guidance and promote secure coding best practices.
- Support threat modeling and risk assessments during SDLC phases.
- Produce clear, actionable vulnerability assessment reports with risk ratings, proof-of-concept evidence, and remediation recommendations.
- Track remediation progress and partner with engineering teams to perform root cause analysis.
- Maintain up-to-date documentation of testing methodologies, frameworks, and standards.
Qualification:
- Minimum of 3 years of experience in cyber security.
- Strong understanding of web application architecture, authentication and authorization mechanisms, session management, and data flows.
- Hands-on experience with leading security tools such as:
- Burp Suite
- OWASP ZAP
- Postman
- Nessus
- Checkmarx
- Veracode
- Fortify
- SonarQube
- Experience with scripting or automation (Python, Bash, PowerShell, JavaScript).
- Familiarity with cloud security, particularly in Microsoft Azure environments.
- Strong understanding of secure coding standards and common vulnerability patterns.
- Industry certifications such as OSCP, OSWE, GPEN, GWAPT, CEH, or CSSLP.
- Knowledge of container security (Docker, Kubernetes) and microservices architecture.
- Experience integrating security testing within CI/CD pipelines.
Morgan McKinley Pte Ltd
Lim Sook Fern
EA Licence No: 11C5502 | EAP Registration No: R1106192
