Specialist, Application Security

Location: Kuala Lumpur, Malaysia

Employment type: Permanent

Duties & Responsibilities

  • Responsible for planning and performing regular security tests, monitoring and assessments on both frontend and backend applications (mobile apps)
  • Responsible for planning and performing regular reviews of backend APIs/web services
  • Responsible for performing regular vulnerability assessments across all enterprise IT assets
  • Responsible for conducting host configuration reviews on existing operating systems (servers/network devices)
  • Responsible for articulating and reporting discovered vulnerabilities in a concise manner
  • Responsible for working closely with the respective stakeholders to identify the appropriate remediation
  • Responsible for engaging third-party vendors to perform regular application penetration tests and for facilitating security assessments
  • Working closely with the Risk team to ensure regular source code security reviews are performed and reported
  • Responsible for following up on any application vulnerabilities until closure; working closely with the development and QA teams to ensure vulnerabilities are closed on time
  • Planning and performing out-of-the-box security assessments against enterprise infrastructure to identify existing security gaps

Requirements

  • Bachelor’s degree in Computer Science, Information Security, or related technical field.
  • Minimum 5–7 years of hands-on experience in red teaming, penetration testing, or offensive security roles.
  • Strong technical expertise in:
      ◦ Web and mobile app penetration testing (frontend/backend)
      ◦ API and web service security testing
      ◦ Mobile app (Android/iOS) reverse engineering and testing tools (e.g., Frida, Burp, MobSF)
      ◦ OS and network-level assessment (Windows, Linux, network devices)
      ◦ Secure SDLC, DevSecOps integration, and familiarity with code scanning
  • Excellent scripting and automation skills (e.g., Python, Bash, PowerShell).
  • Prior experience in writing custom tools, exploits, or testing modules.
  • Strong reverse engineering skills for binaries or mobile apps.
  • Experience with CTF competitions, bug bounty programs, exploit development or security research publications is a plus.
  • Must be able to think out of the box, emulate real-world attacks, and identify unknown unknowns.
  • Offensive Security Certified Professional (OSCP)
  • OffSec OSWE, OSEP, or OSED
  • GIAC GPEN, GWAPT, GMOB, GXPN
  • Mobile Application Security Certification
  • Forensics-related certification will be a plus.