IT Security Consultants


Singapore, Singapore

  • Job Ref.No: 01175903
  • Budget:
  • Timeline: to be confirmed later
  • Closing on: 12/12/2021
  • Country: Singapore

Job Description

Part-timers and freelancers are welcome to apply for this full-time position.
We are looking for experienced security professionals who can help our clients achieve a secure environment for their applications and web information. You must have strong experience in performing penetration testing and vulnerability management services for applications, network systems, operating systems and databases. Candidates should have experience with black box, grey box, and white box testing. Selected candidates will work on a whole-of-government platform that hosts close to 500 web applications.

  • Perform secure code reviews of the application code using both manual and automated approaches
  • Conduct security assessments such as penetration and vulnerability tests
  • Keep up to date with the IT security industry, including awareness of new or revised security solutions, security standards, trends and best practices, offensive techniques and tools
  • Perform black box/grey box testing of web, mobile and thick-client applications
  • Perform network vulnerability assessments and penetration testing
  • Evaluate the risk of observed vulnerabilities using common risk scoring techniques such as CVSS
  • Share knowledge with the team on techniques and results
  • Create a detailed report of findings and recommendations after testing is complete and present it to stakeholders
  • Coordinate with developers and stakeholders on the findings for appropriate fixes
  • Stay up to date on current tools, techniques, and vulnerabilities to incorporate into testing practices

Job Requirement

  • Minimum 3 years' experience specifically in a security testing function
  • Minimum 2 years of experience in performing automated secure code review using tools such as Micro Focus Fortify or Checkmarx, and manual code review (by reading code) to identify potential vulnerabilities
  • Knowledge of at least two major programming languages such as Java and .NET
  • Degree in Computer Science / IT Security or other related disciplines
  • Overall exposure to and understanding of application and network security testing
  • Strong knowledge of the OWASP Top 10, OWASP Mobile Top 10 and SANS Top 25. Detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, session management issues, insecure direct object references, clickjacking, buffer overflows, etc.
  • Experience in manual application penetration testing of web-based applications, thick-client applications, mobile applications, web services, APIs, etc.
  • Experience in manual mobile application penetration testing on platforms like Android, iOS, etc., covering both client-side and server-side applications, would be preferred
  • Knowledge of risk rating standards like DREAD, CVSS, etc.
  • Experience with automated web application vulnerability scanners (e.g. WebInspect, Burp Suite Pro, etc.)
  • Should have performed black box / grey box application penetration testing
  • Good understanding of application protocols such as HTTP, SAML, OAuth, OpenID Connect, etc.
  • Good understanding of network technologies and protocols such as NIPS, IDS, TLS/SSL, DLP, firewalls, WAF, DNS and other common technologies and protocols
  • Experience in performing network penetration testing for both internal and external networks
  • Knowledge of the end-to-end flow of executing application and network penetration testing
  • Should be OSCP or CREST CRT certified
  • Should be able to work as an individual contributor or as a team player wherever required

Please DO NOT provide your credit card details when applying for jobs. Applicants are advised not to pay any upfront payments, investments or any registration fee for the purpose of applying jobs.

This job ad was updated on 09/11/2021.