• Competitive
  • Singapore
  • Permanent, Full time
  • Citibank NA
  • 2018-05-24

Professional Penetration Tester (Cyber Security)

Professional Penetration Tester (Cyber Security)

  • Primary Location: Singapore,Singapore,Singapore
  • Education: Bachelor's Degree
  • Job Function: Technology
  • Schedule: Full-time
  • Shift: Day Job
  • Employee Status: Regular
  • Travel Time: No
  • Job ID: 18004481


  • Duties will include providing infrastructure and application vulnerability assessment and penetration testing services to Citi businesses globally through a comprehensive testing process, as well as identifying weaknesses and vulnerabilities within the system and proposing countermeasures
  • Typical assignments will involve testing of the overall security of critical infrastructure components and applications to ensure they comply with internal policies, security architecture best practices, and industry standards; scanning and discovering rouge hosts, networks, and devices; and scanning and discovering vulnerable systems and applications
  • The candidate will be expected to act as a subject matter expert in offensive information security including databases, networking, operating systems, applications, and programming


  • Pre-requisites for this position are at least a Bachelor's Degree with 3 - 7 years of experience on most of the following:
  • Conducting vulnerability assessments and penetration testing (application and/or infrastructure) and articulating security issues to technical and non-technical audience
  • Identifying, researching, validating, and exploiting various different known and unknown security vulnerabilities on server and client side
  • Vulnerability Assessment tools, e.g. Nessus, Qualys, etc
  • Exploitation frameworks, e.g. Metasploit, CANVAS, Core Impact
  • Social Engineering campaigns, e.g. email phishing, phone calls, SET
  • Deep understanding of OSI model
  • Security devices, e.g. Firewalls, VPN, AAA systems
  • OS Security, e.g. Unix, Linux, Windows, Cisco, etc
  • Understanding of common protocols, e.g. LDAP, SMTP, DNS, Routing Protocols
  • Web application infrastructure, e.g. Application Servers, Web Servers, Databases
  • Web development and programming languages i.e. Python, Perl, Ruby, Java, and/or .Net
  • Reporting information security vulnerabilities to businesses
  • Industry-accredited security certifications will be required (the candidate must have or be willing to obtain all of the following certifications - GIAC GXPN, GPEN, GCIH, CISSP, and CEH). Knowledge of tools and processes used to expose known and undocumented vulnerabilities in various different systems
Singapore Singapore Singapore SG