Penetration Testing Engineer

Security Department | Remote / Singapore | Full-time

Responsibilities

  • Lead and execute full-scope Red Team operations and adversary simulations to assess the organization's overall security posture, physical security, and employee security awareness/resilience.
  • Perform advanced Active Directory (AD) and enterprise network penetration testing, identifying complex attack paths, and executing lateral movement and privilege escalation.
  • Conduct penetration testing of web and mobile applications and internal/external infrastructure, as well as source code audits and advanced social engineering assessments.
  • Design, deploy, and maintain covert Command and Control (C2) infrastructure; develop custom payloads/tools to bypass modern endpoint protections (AV/EDR).
  • Research new attack vectors and zero-day vulnerabilities, and stay up to date with the latest APT Tactics, Techniques, and Procedures (TTPs) based on the MITRE ATT&CK framework.
  • Serve as a mentor to junior team members and provide training on standard security testing techniques and secure software development for QA and development teams.
  • Provide strategic mitigation and remediation guidance to business units and engineering teams based on security findings.

Requirements

  • 3+ years of experience in offensive security, with 1+ years specifically dedicated to Red Teaming, advanced penetration testing, or APT simulation.
  • Deep understanding and hands-on experience with Active Directory (AD) exploitation, including Kerberos attacks (Kerberoasting, AS-REP Roasting), Pass-the-Hash/Ticket, DCSync, DCShadow, Silver/Golden Tickets, and abusing AD Certificate Services (AD CS).
  • Proficiency in using and modifying AD enumeration and exploitation tools (e.g., BloodHound, Rubeus, Mimikatz, Impacket).
  • Experience with Command and Control (C2) frameworks (e.g., Cobalt Strike, Sliver, Mythic, Brute Ratel) and techniques for evading EDR/XDR (e.g., LotL techniques, API unhooking, AMSI bypass).
  • Hands-on experience in security testing of web apps, web services, mobile apps, and APIs, and in securing REST APIs.
  • Experience in using and implementing SAST/DAST tools (e.g., Fortify, Veracode, Checkmarx, or similar).
  • In-depth understanding of standard security vulnerabilities and common remediation strategies published by OWASP, SANS, etc., and familiarity with secure coding practices.
  • Ability to conduct continuous security research and stay abreast of the latest vulnerabilities, exploit development, and testing tools.
  • Ability to write detailed, professional documentation/reports for both executive and technical audiences, clearly communicating vulnerability details, attack narratives, and remediation steps.
  • Capable of managing multiple projects simultaneously and leading live-fire exercises, and dedicated to delivering excellent client service.
  • Strong programming/scripting skills in Python, C/C++, or Go for custom tool development and exploit modification.
  • Ability to work in a team-centric environment, possessing exceptional critical thinking, analytical skills, and an "attacker's mindset."
  • Extensive experience in executing white-box, grey-box, or black-box security posture assessments and delivering detailed reports with findings and actionable recommendations.

Nice to Have

  • Familiarity with Cloud Security, especially AWS/Azure/GCP security concepts and cloud-native exploitation.
  • Holding advanced offensive security certifications such as OSCP, OSEP, CRTO, CRTP, OSWE, or OSCE3.

Compensation & Benefits

  • Competitive salary range: negotiable based on experience.
  • Remote-friendly work environment with flexible hours.
  • Professional development budget for courses, conferences, and certifications.
  • Health insurance coverage and annual leave package.

Work Location

Remote / Singapore — Open to candidates worldwide whose working hours overlap with those of the Singapore team.

How to Apply

Please send your resume and a brief cover letter to aegisopsc2001@gmail.com with the subject line "Pentest Engineer Application". We look forward to hearing from you!
