Security Penetration Tester

Location(s): Asia-Pacific & Middle East : Malaysia : Kuala Lumpur

BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.

About Us

Our mission at BAE Systems Digital Intelligence is to collect, connect and understand complex data, so that our customers can unlock digital advantage in the most demanding environments.

At our Malaysian Global Delivery Centre, we work with clients from around the world to deliver cyber technical services to support our customers in keeping their systems secure in today's hostile digital world.

As a Senior Penetration Tester, you will perform comprehensive penetration testing assessments across a wide range of sectors and produce comprehensive written reports to meet high industry standards. Beyond the testing itself, you will be involved in client pre-engagement processes, contributing to scoping tasks and drafting proposals.

This position is part of our global Cyber Technical Services team, which includes adjacent areas such as Threat Intelligence and SOC Consulting.

Your role will involve:

• Delivery of end-to-end security testing engagements, including scoping and client wash-up meetings.

• Performing a wide range of security testing types such as web application, infrastructure and objective based/red teaming.

• Production of detailed reporting and presentations for both technical and non-technical stakeholders.

• Safe and responsible use of testing tools, ensuring controls are in place to limit risks during customer engagements.

• Developing improvements in terms of scripts, tools, or techniques to enhance the Security Testing team's capabilities.

• Maintaining an up-to-date knowledge of information security issues, continuously learning about new technologies, methodologies, and techniques.

• Knowledge sharing with colleagues in other teams, such as Threat Intelligence, Incident Response, and the wider Security Consulting community.

• Assist and support team members in troubleshooting complex technical issues, reviewing vulnerability findings, and validating penetration test results to uphold high standards of accuracy, consistency, and reporting quality.

Role requirements

• We are looking for those with a passion for cybersecurity. Those who contribute to cybersecurity related blogs, engage in vulnerability research/bug bounties or other community related events will be looked at favourably

• Experience in common offensive penetration testing domains such as testing of web applications, infrastructure and red teaming. Experience with wireless and mobile testing also an advantage.

• Evidenced skills through industry recognised certifications such OSCP, CREST or CRTO

• Confident communicator with excellent spoken and written English communication skills

• Experience using common industry tools such as Kali Linux, Nessus & Burpsuite

Desirable

• Knowledge of C2 frameworks such as Cobalt Strike

• Threat hunting or compromised assessment experience

What We Offer

• You'll have a dedicated line Manager to help you develop your career and guide you on your journey through BAE Systems Digital Intelligence

• We will support your personal training and development in the areas of cybersecurity by sponsoring training courses and certification exams (i.e OSCP, CREST, CRTO)

• Work-life balance is important; you'll get 18 days holiday a year (increases to 21 after 5 years' service)

• We support hybrid working and give flexibility for teams to decide on the balance between remote and office-based working

• Our benefits package includes private family medical cover, maternity (4 months), paternity (2 weeks), study leave & a Optical/Dental/Health screening allowance

• You'll be part of our annual bonus and share award scheme

Life at BAE Systems Digital Intelligence

We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day.

By embracing technology, we can interact, collaborate and create together, even when we're working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well-being.

Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds – the best and brightest minds – can work together to achieve excellence and realise individual and organisational potential.