We are seeking an experienced Cloud Penetration Testerto join our team. The successful candidate will have expertise in cloud security, penetration testing, and vulnerability assessment. The role involves identifying and exploiting vulnerabilities in cloud-based systems, applications, and infrastructure to help our organization strengthen its cloud security posture.

Responsibilities:

• Conduct cloud penetration tests and vulnerability assessments to identify security weaknesses
• Design and implement custom exploits to test cloud security controls
• Analyze cloud security configurations and identify misconfigurations
• Develop and maintain cloud security testing tools and scripts
• Collaborate with development teams to implement secure coding practices
• Provide detailed reports and recommendations for remediation
• Stay up-to-date with emerging cloud security threats and technologies

Requirements:

• 3+ years of experience in cloud security, penetration testing, or related field
• Strong understanding of cloud platforms (AWS, Azure, GCP)
• Experience with cloud security tools and technologies (e.g., CloudWatch, CloudTrail, IAM)
• Proficiency in programming languages (e.g., Python, Bash)
• Familiarity with vulnerability scanners and penetration testing frameworks (e.g., Nmap, Nessus, Metasploit)
• Possess one (or more) of the following Security certifications (would be an added advantage):
• Offensive Security Certified Professional (OSCP) certification
• CREST Registered Penetration Tester ( CRT )
• GIAC Cloud Penetration Testing (GCPN)
• Candidates with 5 years or more experience will be considered for the Senior Consultant position who is able to lead projects
• Ability to collaborate with team members, executive tasks effectively and independently
• Strong analytical and problem-solving skills
• Possess good communication, interpersonal and reporting skills

Preferably with the following:

• Experience with DevOps and continuous integration/continuous deployment (CI/CD) pipelines
• Knowledge of cloud security compliance frameworks (e.g., PCI-DSS, HIPAA)
• Familiarity with containerization (e.g., Docker) and serverless computing

Work location: Jurong East