Project Testers 8791

Work hybrid office at Malaysia Sepang

Open to any nationality (slow) with first priority, Local (fast)

MUST HAVE:
Required Qualifications and Skills:

-     Experience:

-     3-7 years in penetration testing and security assessments.
-     Certifications (preferred): OSCP, OSWE, OSEP, GPEN, GWAPT, or equivalent.
-     Additional certifications (e.g., AWS Security Specialty, Azure Security Engineer) are a plus.
-     Technical Skills:

-     Strong hands-on experience with tools like Burp Suite, OWASP ZAP, Metasploit, Nmap, Wireshark, MobSF, Nessus, Qualys, Nexpose, and firewall analyzers (e.g., AlgoSec, Tufin).
-     Ability to perform manual testing beyond automated scanner results.
-     Soft Skills:

-     Strong documentation and reporting abilities; excellent attention to detail.
-     Effective communicator with both technical and non-technical stakeholders.
-     Self-organized, able to juggle multiple projects and shifting priorities.
-     Comfortable providing onsite support and direct client interaction.
-     Other Requirements:

-     Willingness to travel within Malaysia for onsite activities (as required).
-     Ability to work independently and as part of a distributed team.

**Requirements**:
**2. Project Testers**
-     Deliver all testing (web, mobile, AD, infra, WiFi, cloud, firewall).
-     Available for onsite presence in Malaysia.
-     Handle reporting, documentation, retesting, and vulnerability tracking.
-     Assist in scheduling, project updates, SLA tracking, and internal coordination.

Key Responsibilities:
Technical Penetration Testing
-     Perform in-depth manual and automated penetration tests on:

-     Active Directory environments (privilege escalation, lateral movement)
-     Network infrastructure (routers, switches, firewalls, SSL VPNs)
-     WiFi networks (black-box, white-box testing)
-     Cloud infrastructure (AWS security groups, Azure firewalls, micro-segmentation)
-     Identify, validate, and exploit vulnerabilities across systems, ensuring mínimal false positives.

Infrastructure Security Assessment
-     Conduct semi-annual reviews of router/switch/firewall configurations.
-     Perform firewall rule base analysis, configuration hardening, and compliance reviews (PCI DSS, NIST, internal standards).
-     Utilize firewall analyzer tools to model access paths, simulate threats, and assess cloud-native controls.

Project and Client Support
-     Provide onsite support at customer locations as needed.
-     Engage in change management processes, prepare CAB submissions, and attend project meetings.
-     Ensure adherence to defined SLAs, reporting timelines, and project milestones.

Reporting and Documentation
-     Prepare detailed technical reports, including:

-     Vulnerability descriptions, risk ratings, and remediation recommendations.
-     Step-by-step attack sequences with supporting screenshots.
-     Confirmatory retest documentation.
-     Maintain accurate records of testing activities, exploitation attempts, and engagement outcomes.
-     Collaborate with project leads to ensure report delivery within agreed timelines.

Knowledge Sharing and Continuous Learning
-     Stay updated on emerging vulnerabilities, tools, and attack techniques.
-     Contribute to internal knowledge bases and playbooks.
-     Provide informal mentoring to less experienced testers.

⸻

Required Qualifications and Skills:

-     Experience:

-     3-7 years in penetration testing and security assessments.
-     Certifications (preferred): OSCP, OSWE, OSEP, GPEN, GWAPT, or equivalent.
-     Additional certifications (e.g., AWS Security Specialty, Azure Security Engineer) are a plus.
-     Technical Skills:

-     Strong hands-on experience with tools like Burp Suite, OWASP ZAP, Metasploit, Nmap, Wireshark, MobSF, Nessus, Qualys, Nexpose, and firewall analyzers (e.g., AlgoSec, Tufin).
-     Ability to perform manual testing beyond automated scanner results.
-     Soft Skills:

-     Strong documentation and reporting abilities; excellent attention to detail.
-     Effective communicator with both technical and non-technical stakeholders.
-     Self-organized, able to juggle multiple projects and shifting priorities.
-     Comfortable providing onsite support and direct client interaction.
-     Other Requirements:

-     Willingness to travel within Malaysia for onsite activities (as required).
-     Ability to work independently and as part of a distributed team.

Key Performance Metrics:

-     Adherence to project timelines and SLA requirements.
-     Quality and accuracy of penetration testing findings (zero false positives, no missed critical vulnerabilities).
-     Client satisfaction during clarifications and onsite engagements.
-     Completeness and clarity of reporting deliverables.

**Job Types**: Full-time, Permanent, Contract, Temporary, Freelance, Internship, Fresh graduate, Student job
Contract length: 12 months

Pay: RM1.00 - RM2.00 per month

**Benefits**