Penetration Tester

Overview

Capiteq is a Singapore-based technology company specializing in Technology Management services for Hedge Funds, Asset Management, and Private Family offices within Asia. We offer tailored solutions to meet the exclusive demands of our clients. Our expertise ensures the highest level of service and operational efficiency. Join us and contribute to providing exceptional technology management solutions in the financial sector.

We are seeking a skilled Penetration tester with SOC experience to join us as a Cyber Security Analyst.

Role Description

This is a full-time remote role working with our teams in Singapore and Hong Kong on a daily basis and will involve performing Pen tests, vulnerability scans as well as work proactively on risk surface reduction. Candidates for this role must hold a certification in Pen testing (OCSP and GIAC GWAPT, CREST) as well as have proven experience in this field. This role is best suited to someone with a background in security operations, combined with testing.

Responsibilities

• Operate and manage the Security Operations Centre (SOC) across multiple environments.
• Serve as a point of escalation for threat detection and response incidents.
• Monitor and analyse security alerts, events, and logs using Security Information and Event Management (SIEM) tools, with expertise in building and administration.
• Conduct penetration testing across web applications, networks, and applications to identify vulnerabilities and weaknesses.
• Perform in-depth analysis of security incidents and provide recommendations for remediation.
• Collaborate with cross-functional teams to implement security measures and ensure compliance with industry standards.
• Stay updated on emerging threats, vulnerabilities, and security technologies to enhance the overall security posture.
• Generate reports and documentation for security incidents, assessments, and recommendations.
• Conduct malware analysis/response and demonstrate strong knowledge in this domain.
• Perform network security audits or hardening.
• Point of escalation for threat analysis/response/remediation.
• Work closely with Engineers to assess and mitigate vulnerabilities.
• Develop vulnerability assessment reports and communicate findings to stakeholders.

Qualifications

• At least 6 years of experience in the security field.
• At least 4 years’ experience with SOC, Incident Response, Malware Analysis is a must.
• EDR/XDR experience across multiple tools
• Proven experience operating a Security Operations Centre (SOC) in various environments.
• Must have experience and Certification in Penetration Testing, including web, network, and application testing (e.g., eWPT, OSCP, CEPT, etc.).
• OCSP and GIAC GWAPT certified.
• OSINT Framework
• CISSP / CISA (advantage) or equivalent.
• Strong knowledge of endpoint protection software
• Hands-on experience in web application penetration testing and network penetration testing using Kali Linux.
• SIEM experience with the ability to build and administer
• Log Analysis experience, utilizing tools such as Splunk, Wireshark, NMAP, etc.
• Experience using vulnerability management tools, e.g., Nessus.
• Hands-on with OWASP, WFUZZ, Metasploit, Burp Suite, sqlbrute, sqlninja, sqlmap and other security tools.
• Experience in threat/risk management across multiple cloud platforms.
• Familiarity with security frameworks such as NIST, ISO 27001, and CIS Benchmarks
• Experience in firewall technologies (advantage), IPS/IDS, SD-WAN, SSL/IPSec VPNs, Web Filtering, and Application Control.

What We Offer

• Competitive salary and benefits package.
• Opportunities for professional growth and Fortinet certification sponsorship.
• A dynamic and collaborative work environment focused on cutting-edge cybersecurity solutions.
• Work with a team of industry experts in network security and cyber defence.

If you are passionate about security and come from a networking background, we encourage you to apply and become part of our growing team

Seniority level

• Mid-Senior level

Employment type

• Full-time

Job function

• Information Technology

Industries

• IT Services and IT Consulting

#J-18808-Ljbffr

---