Penetration Tester

Description Job Overview We seek a Penetration Testing with CAT1 clearance to lead VAPT for Singapore government and critical infrastructure sectors. You will execute full-scope attacks (networks, apps, cloud, OT), bypass advanced defenses, and deliver actionable remediation strategies. This role requires CREST/OSCP certification, deep exploit development skills, and experience with GovTech cybersecurity frameworks. Core Responsibilities Advanced Threat Emulation: CAT1-cleared engagements Network: Breach segmented govt networks (e.g., air-gapped systems) Applications: Exploit web/mobile apps (SCADA interfaces, GovTech portals) Cloud: Attack AWS GovCloud/Azure Government environments OT: ICS/SCADA system penetration (Siemens, Rockwell) Develop custom malware/exploits (C++, Python) to evade EDR/XDR Red Team Operations: Lead multi-vector campaigns Phishing (Evade Proofpoint/MS ATP) Physical security bypass (RFID cloning, access control spoofing) Wireless attacks (802.1X, WPA3-Enterprise) Document TTPs aligned with MITRE ATT&CK for ICS/Enterprise Govt Compliance & Reporting: Align tests with IM8, CSA Red Teaming Guidelines, and NIST SP 800-115 Deliver executive briefings to CISOs with exploit demos Create remediation playbooks Research & Development: Reverse engineer firmware (Binwalk, Ghidra) for 0-day discovery Contribute to ASEAN CERT advisories (e.g., SingCERT) Technical Requirements Non-Negotiable Credentials CAT1 Security Clearance Active Certifications: OSCP or CREST CRT/CCT (Inf/App) 2+ years in pentesting Tool Proficiency Exploitation - Metasploit Pro, Cobalt Strike, Burp Suite Pro, PowerSploit Post-Exploit - BloodHound, Mimikatz, Impacket, Covenant C2 Forensics - Volatility, Wireshark, CHIRP (ICS) Wireless - HackRF One, Proxmark3, Wi-Fi Pineapple Cloud - Pacu (AWS), MicroBurst (Azure), GCP IAM Exploit Toolkit Preferred Qualifications Certifications: OSCE³, CREST CCT Gold, OSCP Govt Framework Experience: IM8 Penetration Test Guidelines, CSA Cyber Essentials Public Contributions: CVEs, exploit-db submissions, conference talks (Black Hat Asia, DEFCON) #J-18808-Ljbffr Industry Other Category IT & Technology Sub Category Professional Services