• Job Description*
We’re looking for a Cybersecurity Analyst (VAPT-focused) who thrives at the front line of cyber defence — probing, testing, and strengthening our clients’ security posture before attackers do.
This role is hands-on and consulting-oriented. You’ll execute and review CREST-aligned vulnerability assessments and penetration tests, translate technical findings into meaningful business risks, and work closely with clients across regulated and non-regulated sectors in Singapore.
If you enjoy breaking things (ethically), documenting clearly, and helping organisations sleep better at night — this role was written for you.
• Key Responsibilities*
1. VAPT Execution & Delivery
• Perform network, application, cloud, and infrastructure VAPT engagements in accordance with CREST methodologies
• Conduct both automated and manual penetration testing including external and internal network testing, web and API security testing and cloud environment assessments across AWS, Azure, GCP
• Identify, validate, and exploit vulnerabilities to demonstrate real-world risk impact
2. Reporting & Review
• Produce high-quality technical and executive-level VAPT reports with risk-rated findings, clear reproduction steps and practical remediation recommendations
• Review VAPT reports prepared by peers to ensure accuracy, consistency, and CREST compliance
• Support re-testing and remediation validation engagements
3. Regulatory & Client Advisory
• Support clients in meeting requirements under MAS TRM and the Cyber Hygiene Notice, CSA guidelines and PDPA, including IM8
• Communicate findings effectively to both technical teams and senior stakeholders
• Provide consultative guidance beyond “finding vulnerabilities” — focusing on risk reduction and resilience
4. Continuous Improvement
• Stay current with emerging threats, attack techniques, and tooling
• Contribute to internal knowledge sharing, playbooks, and methodology improvements
• Mentor junior analysts where required
• Required Qualifications & Certifications*
-Mandatory Certifications
• CREST Certified Penetration Testing Analyst (CPSA)
• CREST Registered Penetration Tester (CRT)
These certifications are essential to ensure delivery quality, regulatory credibility, and alignment with client expectations in Singapore.
-Additional Recognised Certifications (Advantageous)
• OSCP / OSWE
• CEH / CHFI
• CompTIA Security+ / PenTest+
• GIAC (GPEN, GWAPT)
• Technical Skills & Tools*
Hands-on experience with the following is expected:
• Penetration Testing & VAPT Tools: Burp Suite, Metasploit, Nessus / Qualys, Nmap and Kali Linux
• Security Domains: Network and infrastructure security, web and API security and cloud security environments including AWS, Azure and GCP
• Strong understanding of: OWASP Top 10, common attack vectors and exploitation techniques, and secure configuration and remediation best practices
• Experience & Competencies*
• Minimum 2–5 years of hands-on cybersecurity or VAPT experience
• Strong analytical and problem-solving skills
• Clear, structured written communication — especially for reporting
• Confident in client-facing discussions and advisory conversations
• Comfortable working in a fast-moving, consulting-led environment
• Employment Details*
• Location: Singapore
• Employment Type: Full-time
• Work Arrangement: On-site / Hybrid (subject to project needs)
Salary range to be finalised based on experience and certifications, in accordance with MyCareersFuture requirements.
• Why Join Us*
• Exposure to diverse industries, including regulated environments
• Clear growth pathway into Senior VAPT Consultant or Lead roles
• Opportunity to sharpen both technical depth and consulting capability
• Work in a team that values quality, ethics, and professional mastery
