Security Testing Lead or Specialist

We are seeking an experienced Security Testing Lead to establish, drive, and oversee the organisation’s security testing strategy across applications, infrastructure, cloud, and digital platforms. This role will be responsible for leading penetration testing, red teaming, vulnerability validation, and security assessment initiatives to proactively identify and mitigate security risks.

Tanggung jawab:

Security Testing Strategy & Governance

• Develop and implement the enterprise-wide security testing strategy and framework
• Define testing standards, methodologies, and scope aligned with industry frameworks (e.g., NIST, OWASP, MITRE ATT&CK)
• Establish governance processes for vulnerability validation, remediation tracking, and risk acceptance
• Ensure security testing coverage across applications, infrastructure, APIs, cloud, and emerging technologies

Penetration Testing & Red Teaming

• Lead and coordinate internal and external penetration testing engagements
• Oversee red team exercises simulating real-world attack scenarios
• Validate detection and response effectiveness in collaboration with SOC / Blue Teams
• Provide technical oversight for advanced exploitation techniques and attack simulations

Application & Cloud Security Testing

• Conduct and review security assessments for web, mobile, APIs, and cloud-native applications
• Guide secure SDLC integration including SAST, DAST, and IAST practices
• Assess cloud security posture across AWS / Azure / GCP environments
• Identify misconfigurations and architectural weaknesses in hybrid environments

Vulnerability Management & Risk Prioritisation

• Provide risk-based validation of vulnerabilities identified via scanning tools
• Prioritise findings based on exploitability, business impact, and threat intelligence
• Work closely with engineering and infrastructure teams to ensure timely remediation
• Track and report remediation metrics to senior stakeholders

Stakeholder Management & Advisory

• Translate technical findings into actionable risk insights for senior management
• Advise application and infrastructure owners on remediation strategies
• Support regulatory audits and security assurance initiatives
• Collaborate with GRC teams to align testing outcomes with compliance requirements

Persyaratan:

• 8-12 years of experience in cybersecurity, with strong focus on penetration testing and offensive security
• Proven experience leading security testing engagements in enterprise environments
• Experience in regulated industries (e.g., Financial Services, Healthcare, Public Sector) preferred

Technical Expertise

• Strong hands-on expertise in:
  • Web and API penetration testing
  • Infrastructure and network testing
  • Cloud security testing (AWS / Azure / GCP)
  • Red teaming and adversary simulation
• Deep understanding of:
  • OWASP Top 10
  • MITRE ATT&CK framework
  • Exploit development and attack techniques
  • Secure SDLC practices

Untuk mendaftar:

If you’re interested to apply or find out more, please share across your CV or reach out to Chen Yi at cy@kerryconsulting.com for a discussion. Due to anticipated high volume of applications, we regret to inform that only shortlisted candidates will be notified.

Reg: R1876389

Lisensi: 16S8060