Linkedprime

Job Description

Position Title: Penetration Testing & Vulnerability Assessment (PTVA)
Department: Information Security
Location: Kuala Lumpur

Role Overview

The PTVA PIC is responsible for coordinating and executing the bank’s penetration testing and vulnerability assessment activities. This role ensures that assessments are conducted effectively, vulnerabilities are identified and addressed, and all activities comply with regulatory and internal security requirements.

Key Responsibilities

1. Penetration Testing Coordination & Execution

  • Coordinate penetration testing engagements with external vendors, including:
      o Internal & External Penetration Testing
      o Firewall Configuration Review
      o Wireless Network Penetration Testing
      o Intelligence-led Red Team Exercises
      o Mobile & Web Application Security Testing
      o Network Segmentation Validation
  • Define and document testing scopes in collaboration with vendors and internal teams.
  • Ensure testing activities comply with the bank’s security policies and regulatory guidelines.

2. Vulnerability Assessment & Risk Management

  • Review and analyze PTVA reports to identify security gaps.
  • Prioritize vulnerabilities based on severity and business impact.
  • Escalate findings to application owners and relevant stakeholders with clear remediation guidance.
  • Track remediation progress and ensure timely closure.

3. Security Compliance & Governance

  • Ensure alignment with cybersecurity standards and regulatory frameworks, including:
      o Bank Negara Malaysia’s RMiT Guidelines
      o ISO/IEC 27001
      o PCI DSS
      o NIST Cybersecurity Framework
  • Maintain documentation of assessments, findings, and remediation actions for audit purposes.
  • Support the development and enhancement of internal security policies and procedures.

4. Stakeholder Engagement & Reporting

  • Collaborate with IT, application teams, and internal security functions to facilitate assessments and remediation.
  • Prepare technical and management-level reports on testing outcomes and risk posture.
  • Provide periodic updates and Key Risk Indicators (KRIs) to relevant stakeholders.

5. Continuous Security Improvement

  • Stay updated on emerging threats, vulnerabilities, and penetration testing techniques.
  • Recommend security improvements based on assessment trends and industry best practices.

Required Skills & Qualifications

  • Solid understanding of penetration testing methodologies and frameworks (e.g., OWASP, PTES, NIST).
  • Technical knowledge in network security, application security, wireless security, and segmentation.
  • Ability to interpret testing results and provide actionable mitigation strategies.
  • Familiarity with regulatory compliance standards (ISO 27001, PCI DSS, RMiT).
  • Strong analytical and problem-solving skills.
  • Effective communication and coordination abilities.
  • Relevant certifications (e.g., OSCP, CEH, CRTP) are an advantage.
