Conduct penetration testing for web, mobile, and API applications. Perform secure code reviews, software composition analysis, and container image assurance to identify vulnerabilities early in the SDLC. Perform vulnerability assessments for applications, middleware, and supporting systems. Utilise industry-standard tools such as Burp Suite, OWASP ZAP, Fortify, Checkmarx, Black Duck, Nessus, Aqua and Qualys. Triage, validate, and prioritise security findings from security assessments. Work with development, DevOps, and infrastructure teams to ensure timely remediation. Track and report remediation progress, ensuring closure within timelines required by regulatory instruments and Technology Security Standards. Provide guidance to developers and project teams on secure coding practices. Embed application security controls and tools (SAST, DAST, SCA, IAST) into CI/CD pipelines. Maintain security documentation and provide evidence for audits and regulatory reviews. Ensure compliance with internal policies, regulatory obligations, and industry best practices. Support audits, risk assessments, and regulatory inspections involving application security.

Bachelor's degree in Information Security, Computer Science, or related field. Professional certifications such as CREST, OSCP+, OSEP, or GPEN. 7+ years of IT security experience, with at least 4 years of direct experience in project-based and annual penetration testing for web, mobile, and API applications. Experienced in secure code reviews, software composition analysis, container image assurance, and vulnerability assessments. Strong technical knowledge of web, mobile, and API security, including OWASP Top 10 and common attack vectors. Hands-on expertise with the security testing tools mentioned above. Working knowledge of MAS TRM, MAS Cyber Hygiene, and BNM RMiT requirements.