Senior Security Consultant

Role overview

We are looking for a seasoned Senior Security Consultant focused on cyber offensive work to strengthen the cybersecurity team in Singapore. This position suits a hands-on practitioner who can independently run complex offensive security assignments, coach junior team members, and serve as a dependable technical advisor for clients.

The ideal hire brings substantial experience in vulnerability assessment and penetration testing (VAPT), adversarial methods, and practical exploitation across network, web, and enterprise environments. You should also be able to turn technical observations into clear risk stories and practical remediation advice.

Key responsibilities

• Plan and deliver offensive security assignments end to end, covering network, web, mobile, and infrastructure penetration testing.
• Confirm and exploit weaknesses found during testing to show their real business impact.
• Prepare detailed technical reports as well as executive summaries with clear risk explanations and remediation steps.
• Take the lead or provide senior guidance during engagements, including mentoring junior consultants and reviewing quality.
• Act as a primary technical contact for clients, including presentation of findings and discussion of fixes.
• Help refine internal test approaches, tools, and playbooks.
• Keep up to date with new threats, exploitation methods, and offensive security research.
• Support presales and scoping work by contributing technical input when needed.

Requirements

• You must be a Singapore Citizen.
• You should have at least 5 years of practical experience in offensive security, penetration testing, or red teaming.
• Mandatory certifications include OSCP, CRT, and OSWE.
• Strong working knowledge of network protocols, operating systems, Active Directory, and web application design is required.
• Solid understanding of attack techniques, common vulnerabilities, and security frameworks such as OWASP Top 10, MITRE ATT&CK, and CWE.
• You need strong hands-on capability with standard offensive security tools, along with custom scripting and automation skills.
• Must be able to analyse systems with an attacker mindset and combine multiple weaknesses into a realistic attack path.
• Excellent written and spoken communication skills are essential, especially when explaining technical risk to non-technical audiences.

Good to have

• Additional advanced offensive security certifications such as OSEP, OSED, OSCE3, CRTO, or CRTL are an advantage.
• Experience in any of the following areas is preferred: Active Directory exploitation, cloud penetration testing across AWS/Azure/GCP, adversary simulation or purple teaming, and IoT or OT security.
• Experience working on assessments for government or heavily regulated industries is beneficial.

Why join us

• Work on challenging, high-impact offensive security engagements across a variety of industries.
• Get the chance to shape technical direction, methodology, and capability building.
• Enjoy a clear route toward technical leadership and career growth.
• Join a collaborative, research-oriented environment that values learning and knowledge sharing.