Senior Penetration Testing Lead

Role Description

The Senior Penetration Testing Lead is a technical leadership role responsible for steering and executing advanced offensive security engagements. This role requires a security practitioner capable of designing, managing, and delivering comprehensive security assessments—including penetration testing, red teaming, and application security reviews—to identify critical vulnerabilities and assess organizational risk across diverse client environments.

This is a full-time, on-site position based in
WP. Kuala Lumpur
.

Key Responsibilities

Technical Leadership & Execution

• Design and Scope Engagements:
  Plan, scope, and lead security assessment activities targeting network infrastructure, web applications, mobile platforms, and cloud environments.
• Advanced Testing:
  Conduct offensive security exercises, including Red Team exercises, to simulate real-world threats and test defensive capabilities.
• Post-Engagement Analysis:
  Oversee the thorough documentation of findings, providing clear, actionable, and prioritized recommendations to mitigate identified risks.

Consulting & Reporting

• Client Collaboration:
  Work directly with clients to understand their security objectives, define testing parameters, and clearly communicate the technical findings and associated business risk.
• Quality Assurance (QA):
  Serve as a technical QA reviewer for reports and deliverables produced by junior consultants, ensuring accuracy, clarity, and adherence to industry best practices.
• Strategic Advisement:
  Provide strategic counsel to clients on enhancing their overall security posture, incident response capabilities, and adherence to relevant compliance standards.

Team Mentorship & Growth

• Mentorship:
  Mentor and train junior consultants, fostering the development of technical skills in penetration testing methodologies, application security, and report writing.

Qualifications & Experience:

Essential Technical Expertise

• Proven Expertise:
  5+ years of demonstrable experience in hands-on penetration testing, web and mobile application security, and managing Red Team exercise.
• Offensive Security Skills:
  Expert knowledge of common exploitation techniques, attack methodologies (e.g., MITRE ATT&CK), and vulnerability analysis tools.
• Foundational Knowledge:
  Broad and deep understanding of core Cybersecurity principles, defensive architectures, and regulatory frameworks.

Educational & Professional Requirements

• Certifications:
  Possession of industry-leading certifications such as
  OSCP, CREST CRT or equivalent
  is highly advantageous.
• Analytical Skills:
  Exceptional analytical ability and meticulous attention to detail required for complex vulnerability research and reporting.

Soft Skills & Work Environment

• Communication:
  Excellent verbal and written communication skills, with the ability to articulate complex technical concepts to both technical and executive audiences.
• Team Collaboration:
  Demonstrated ability to lead projects, work effectively on-site, and collaborate seamlessly with cross-functional internal and client teams.
• Location:
  Commitment to working
  full-time on-site
  in WP. Kuala Lumpur.

At Firmus, we embrace Diversity, Equity, and Inclusion (DEI) as foundational pillars of our workplace culture. We are opposed to discrimination on any basis, including but not limited to race, religion, color, gender identity, sexual orientation, national origin or any characteristic protected by applicable law. Our commitment to fostering a diverse and inclusive workforce is unwavering, and every employment decision is rooted in the principles of DEI, guided by qualifications, merit, and the genuine requirements of our business.