Penetration Tester

6 days ago


Shah Alam, Selangor, Malaysia | Motormaniac Sdn Bhd | Full time
  • Perform source code security reviews (Java/.NET/Python/Node/Go/etc.) to find logic flaws, authentication/authorization bugs, injection risks, insecure deserialization, secrets in source, crypto misuse, and insecure third-party libs.
  • Perform in-depth Node.js / JavaScript source-code reviews (Express, NestJS, Next.js, serverless functions) focusing on authentication/authorization logic, async/await pitfalls, prototype pollution, SSR/CSR vulnerabilities, insecure deserialization, insecure use of eval()/Function(), improper input validation, and unsafe third-party NPM packages.
  • Assess Node.js runtime and package-related risks (dependency chain vulnerabilities, unsafe native modules, environment variable/secret handling, npm/yarn lockfile issues), and recommend SCA/SBOM improvements.
  • Conduct server and OS hardening assessments, privilege escalation analysis, and persistence technique discovery.
  • Run authenticated and unauthenticated test scenarios; produce reproducible exploits or proof-of-concepts where safe and permitted.
  • Produce audit-grade deliverables: executive summary, technical findings, impact/risk ratings, CVSS mapping, step-by-step exploitation evidence, and prioritized remediation guidance suitable for PCI-DSS and ISO27001 audits.
  • Collaborate with developers and infra engineers to validate fixes and re-test remediations.
  • Design and maintain internal pentest methodologies, checklists and playbooks aligned to PCI-DSS (such as penetration testing requirements) and ISMS controls (Annex A).
  • Participate in threat modelling, secure code training, and vulnerability triage sessions.
  • Keep pentest tooling, scripts, and knowledge up to date; contribute to automation for repeatable testing (CI/CD scans, SCA, DAST, SAST pipelines).
  • When required, coordinate with Approved Scanning Vendors (ASVs), QSAs, or external auditors for compliance validation.

Job Types: Full-time, Permanent

Pay: Up to RM8,000.00 per month

Benefits:

  • Free parking
  • Health insurance
  • Maternity leave
  • Opportunities for promotion
  • Professional development

Work Location: In person

