*Job Description*

We're looking for a Cybersecurity Analyst (VAPT-focused) who thrives at the front line of cyber defence - probing, testing, and strengthening our clients' security posture before attackers do.

This role is hands-on and consulting-oriented. You'll execute and review CREST-aligned vulnerability assessments and penetration tests, translate technical findings into meaningful business risks, and work closely with clients across regulated and non-regulated sectors in Singapore.

If you enjoy breaking things (ethically), documenting clearly, and helping organisations sleep better at night - this role was written for you.

*Key Responsibilities*

1. VAPT Execution & Delivery

• Perform network, application, cloud, and infrastructure VAPT engagements in accordance with CREST methodologies
• Conduct both automated and manual penetration testing including external and internal network testing, web and API security testing and cloud environment assessments across AWS, Azure, GCP
• Identify, validate, and exploit vulnerabilities to demonstrate real-world risk impact

2. Reporting & Review

• Produce high-quality technical and executive-level VAPT reports with risk-rated findings, clear reproduction steps and practical remediation recommendations
• Review VAPT reports prepared by peers to ensure accuracy, consistency, and CREST compliance
• Support re-testing and remediation validation engagements

3. Regulatory & Client Advisory

• Support clients in meeting requirements under MAS TRM and the Cyber Hygiene Notice, CSA guidelines and PDPA, including IM8
• Communicate findings effectively to both technical teams and senior stakeholders
• Provide consultative guidance beyond "finding vulnerabilities" - focusing on risk reduction and resilience

4. Continuous Improvement

• Stay current with emerging threats, attack techniques, and tooling
• Contribute to internal knowledge sharing, playbooks, and methodology improvements
• Mentor junior analysts where required

*Required Qualifications & Certifications*
-Mandatory Certifications

• CREST Certified Penetration Testing Analyst (CPSA)
• CREST Registered Penetration Tester (CRT)

These certifications are essential to ensure delivery quality, regulatory credibility, and alignment with client expectations in Singapore.

-Additional Recognised Certifications (Advantageous)

• OSCP / OSWE
• CEH / CHFI
• CompTIA Security+ / PenTest+
• GIAC (GPEN, GWAPT)

*Technical Skills & Tools*
Hands-on experience with the following is expected:

• Penetration Testing & VAPT Tools: Burp Suite, Metasploit, Nessus / Qualys, Nmap and Kali Linux
• Security Domains: Network and infrastructure security, web and API security and cloud security environments including AWS, Azure and GCP
• Strong understanding of: OWASP Top 10, common attack vectors and exploitation techniques, and secure configuration and remediation best practices

*Experience & Competencies*

• Minimum 2-5 years of hands-on cybersecurity or VAPT experience
• Strong analytical and problem-solving skills
• Clear, structured written communication - especially for reporting
• Confident in client-facing discussions and advisory conversations
• Comfortable working in a fast-moving, consulting-led environment

*Employment Details*

• Location: Singapore
• Employment Type: Full-time
• Work Arrangement: On-site / Hybrid (subject to project needs)

Salary range to be finalised based on experience and certifications, in accordance with MyCareersFuture requirements.

*Why Join Us*

• Exposure to diverse industries, including regulated environments
• Clear growth pathway into Senior VAPT Consultant or Lead roles
• Opportunity to sharpen both technical depth and consulting capability
• Work in a team that values quality, ethics, and professional mastery