Security Consultant
Role Overview
We are hiring Security Consultants to deliver end-to-end security assessments for our clients. You will test a wide range of systems (applications, infrastructure, cloud, and emerging technologies) then translate technical findings into clear, actionable recommendations. This role is hands-on and client-facing, suited for someone who enjoys deep technical work and communicates professionally throughout the engagement lifecycle.
Key Responsibilities
• Deliver remote or on-site security assessments, such as Vulnerability Assessment and Penetration Testing, across varied environments such as Web/Mobile/API/Thick Client/Cloud/Network/Wireless
• Able to use industry-standard tools (e.g. Burp Suite, Nmap, Nessus and supporting utilities) for automated approaches.
• Able to perform manual testing to uncover findings that scanners and automated tooling commonly miss
• Validate and document findings clearly, and write good technical reports
• Communicate internally with team and externally with clients regarding engagement's progress and status.
• Contribute to internal quality and capability such as improving checklists/playbooks, templates, and tooling, and sharing knowledge with the team and participate in peer reviews
Required Skills & Experience
• Minimal 1 year of working experience in cybersecurity, preferably in delivering security assessments.
• Certification(s): OSCP or CREST CRT or higher.
• Familiarity with industry standards and frameworks, including OWASP Top 10 and related testing guides, MITRE ATT&CK, NIST.
• Good with using industry testing tools and workflows (e.g. Burp Suite, Nmap, Nessus) and able to go beyond tool output through manual validation.
• Comfortable in picking up new knowledge and skills to deliver security assessments for cutting-edge technology such as AI/LLM systems.
• Strong written and spoken English: Able to write clear and structured reports and able to explain complex technical issues simply and accurately.
• Professional and composed when interacting with clients during engagements.
• Self-directed and reliable, able to deliver independently while collaborating effectively within the team.
Nice to Have
• Passion for cybersecurity
• Proven hands-on experience performing security assessments such as Vulnerability Assessment, Penetration Testing, and Code Review across modern technology stacks.
• Past contributions to security research, tooling, publications, talks, CVEs or bug bounty programs.
Why Join Us?
• WFH By Default + Flexible Working Hours – Unless it is for onsite work and other business requirements.
• Strong technical team where you can exchange pointers with.
• High Technical Career Growth Potential – Technical growth of our consultants is important to us, so expect to level up a lot after joining us.
• Excellent Operational Support – As fellow practitioners, we know the usual pain points in this line of work thus extra effort is put in to make work better for everyone.
