Talent.com
This job offer is not available in your country.
PENETRATION TESTER - YY SMART TECH PTE. LTD.

PENETRATION TESTER - YY SMART TECH PTE. LTD.

YY SMART TECH PTE. LTD.D14 Geylang, Eunos, SG
10 days ago
Job description

Roles & Responsibilities

Job Overview

We are seeking for a Penetration Tester with CAT1 Security Clearance to lead VAPT for Singapore government and critical infrastructure sectors. You will execute full-scope attacks (networks, apps, cloud, OT), bypass advanced defenses, and deliver actionable remediation strategies.

This role requires CREST / OSCP certification, deep exploit development skills, and experience with GovTech cybersecurity frameworks.

Core Responsibilities

Advanced Threat Emulation :

  • CAT1-cleared engagements :
  • Network : Breach segmented govt networks (e.g., air-gapped systems)
  • Applications : Exploit web / mobile apps (SCADA interfaces, GovTech portals)
  • Cloud : Attack AWS GovCloud / Azure Government environments
  • OT : ICS / SCADA system penetration (Siemens, Rockwell)
  • Develop custom malware / exploits (C++, Python) to evade EDR / XDR.

Red Team Operations :

  • Lead multi-vector campaigns :
  • Phishing (Evade Proofpoint / MS ATP)
  • Physical security bypass (RFID cloning, access control spoofing)
  • Wireless attacks (802.1X, WPA3-Enterprise)
  • Document TTPs aligned with MITRE ATT&CK for ICS / Enterprise.

    • Govt Compliance & Reporting :

  • Align tests with IM8, CSA Red Teaming Guidelines, and NIST SP 800-115.
  • Deliver executive briefings to CISOs with exploit demos.
  • Create remediation playbooks

    • Research & Development :

  • Reverse engineer firmware (Binwalk, Ghidra) for 0-day discovery.
  • Contribute to ASEAN CERT advisories (e.g., SingCERT).

    • Technical Requirements

    Non-Negotiable Credentials :

  • CAT1 Security Clearance
  • Active Certifications : OSCP or CREST CRT / CCT (Inf / App)
  • 2+ years in pentesting

    • Tool Proficiency

  • Exploitation - Metasploit Pro, Cobalt Strike, Burp Suite Pro, PowerSploit
  • Post-Exploit - BloodHound, Mimikatz, Impacket, Covenant C2
  • Forensics - Volatility, Wireshark, CHIRP (ICS)
  • Wireless - HackRF One, Proxmark3, Wi-Fi Pineapple
  • Cloud - Pacu (AWS), MicroBurst (Azure), GCP IAM Exploit Toolkit

    • Preferred Qualifications

  • Certifications : OSCE³, CREST CCT Gold, OSCP
  • Govt Framework Experience : IM8 Penetration Test Guidelines, CSA Cyber Essentials
  • Public Contributions : CVEs, exploit-db submissions, conference talks (Black Hat Asia, DEFCON)

    • Tell employers what skills you have

    Security Clearance

    Remediation

    Wireshark

    Exploitation

    Physical Security

    Wireless

    Access Control

    SCADA

    Phishing

    Gold

    Penetration Testing

    Python

    Firmware

    GCP

    Burp Suite

    Create a job alert for this search

    Penetration Tester • D14 Geylang, Eunos, SG