Manager (Penetration Test & Vulnerability Assessment) - DIS

What The Role Is You play a pivotal role in safeguarding Singapore’s defence and security interests by conducting comprehensive Penetration Testing (PT), Vulnerability Assessments (VA), and Source Code Security Reviews on IT assets, including infrastructure, web applications, and military applications. What You Will Be Working On • Conduct comprehensive Penetration Testing (PT), Vulnerability Assessments (VA), and Source Code Security Reviews on IT assets, including infrastructure, web applications, and military applications • Develop tailored security assessment tools and scripts to enhance testing capabilities and address evolving threat vectors • Document findings, conduct analysis, and prepare detailed technical reports, including executive summaries for various stakeholders • Collaborate with security engineers, developers, and other stakeholders to provide actionable guidance on remediating identified security risks and vulnerabilities • Provide expertise in the design and implementation of security controls across applications, infrastructure, and network systems • Develop and deliver specialised training and awareness programs to elevate the cybersecurity capabilities of the SAF personnel, with opportunities for growth in leadership and knowledge-sharing in the military cybersecurity context • Maintain up-to-date knowledge of emerging threats, security best practices, and industry-standard frameworks Challenge(s) • Maintaining consistent quality under time pressure • Quickly learning and troubleshooting various tools and platforms What We Are Looking For • Education in Information Security, Computer Science, IT or a related field • Industry-recognised certifications such as CREST CRT, GPEN, or OSCP • At least 1 year of hands-on experience in conducting PT and VA, with a strong preference for experience in military or government-focused penetration testing • Experience conducting security assessments on application infrastructure, networks, and cloud-based systems • Strong understanding of web application, infrastructure, and network security architecture • Excellent communication and presentation skills, with a focus on conveying complex security findings to both technical and non-technical stakeholders • Ability to work independently and collaboratively within cross-functional teams • Highly analytical, self-driven, and committed to continuous learning and skill enhancement • Proficiency in scripting languages, such as Python, PowerShell, JavaScript, VBScript, Ruby, or Perl • Track record of identifying and disclosing vulnerabilities or recognition in Capture-The-Flag (CTF) competitions • Proficiency with tools such as BurpSuite, Metasploit, Nexpose, Nessus, and other industry-standard penetration testing and vulnerability assessment tools Appointment will be commensurate with your experience. Only shortlisted candidates will be notified.