Application Penetration Senior/Analyst

• Conduct comprehensive application security testing including SAST, DAST, IAST, and API security testing.
• Perform in-depth manual penetration testing to uncover complex vulnerabilities such as business logic flaws, privilege escalation paths, and chained attack scenarios.
• Identify, validate, and responsibly exploit vulnerabilities aligned to industry frameworks such as OWASP Top 10, SANS CWE Top 25, and NIST standards.
• Analyze and triage findings from automated security tools, distinguishing false positives and prioritizing critical risks.
• Collaborate with developers to provide remediation guidance and promote secure coding best practices.
• Support threat modeling and risk assessments during SDLC phases.
• Produce clear, actionable vulnerability assessment reports with risk ratings, proof-of-concept evidence, and remediation recommendations.
• Track remediation progress and partner with engineering teams to perform root cause analysis.
• Maintain up-to-date documentation of testing methodologies, frameworks, and standards.

Qualification:

• Minimum of 3 years of experience in cyber security.
• Strong understanding of web application architecture, authentication and authorization mechanisms, session management, and data flows.
• Hands-on experience with leading security tools such as:
  • Burp Suite
  • OWASP ZAP
  • Postman
  • Nessus
  • Checkmarx
  • Veracode
  • Fortify
  • SonarQube
• Experience with scripting or automation (Python, Bash, PowerShell, JavaScript).
• Familiarity with cloud security, particularly in Microsoft Azure environments.
• Strong understanding of secure coding standards and common vulnerability patterns.
• Industry certifications such as OSCP, OSWE, GPEN, GWAPT, CEH, or CSSLP.
• Knowledge of container security (Docker, Kubernetes) and microservices architecture.
• Experience integrating security testing within CI/CD pipelines.

Morgan McKinley Pte Ltd

Lim Sook Fern

EA Licence No: 11C5502 | EAP Registration No: R1106192