Assistant Vice President, GT-TSS, VAPT MY (VAPT Specialist)

Malaysia

CIMB

CIMB Group is the leading ASEAN Universal Bank and home for all your personal and business financial needs.


About the Role:
We are seeking a highly skilled Vulnerability Assessment and Penetration Tester Specialist to join our cybersecurity team. The ideal candidate will have extensive experience in identifying, assessing, and mitigating security vulnerabilities across various systems, networks, and applications. This role requires a deep understanding of ethical hacking methodologies, risk assessment, and security best practices to help CIMB strengthen its security posture.

 

Key Responsibilities:

Conduct comprehensive vulnerability assessments and penetration tests on networks, applications, cloud environments, and infrastructure.

Identify, document, and report security vulnerabilities with detailed remediation recommendations.

Perform and manage Intelligence Led Penetration Test exercises, social engineering tests, and physical security assessments when necessary.

Develop and execute custom exploits to validate security weaknesses and assess business impact.

Provide technical guidance and mentorship to junior security consultants and analysts.

Stay updated with the latest security threats, tools, and techniques to continuously improve assessment methodologies.

Work closely with development, infrastructure, and IT teams to address security gaps and improve defenses.

Assist in the development of security policies, standards, and procedures based on best practices and compliance requirements.

Present assessment findings and remediation plans to stakeholders in a clear, concise, and professional manner.

Support incident response and forensic investigations when required.

 

Required Skills and Qualifications:

5+ years of hands-on experience in vulnerability assessment and penetration testing.

Experience working in regulated industries (e.g., finance, healthcare, government) and compliance frameworks (BNM RMIT, ISO 27001, NIST, PCI-DSS).

Strong knowledge of ethical hacking methodologies (e.g., OWASP, PTES, NIST, MITRE ATT&CK).

Experience conducting red team assessments and adversary emulation.

Expertise in performing web application, API, mobile, network, wireless, and cloud penetration testing.

Proficiency with penetration testing tools such as Burp Suite, Metasploit, Nmap, Kali Linux, Nessus, Qualys, etc.

Experience with scripting and automation (Python, PowerShell, Bash, etc.).

Familiarity with secure coding practices and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25).

Deep understanding of operating systems, networking protocols, cloud security (AWS, Azure, GCP) and AI.

Strong analytical, problem-solving, and communication skills.

Ability to write detailed reports and effectively present findings to both technical and non-technical audiences.

Understanding of DevSecOps principles and integration of security into CI/CD pipelines.

Relevant certifications such as OSCP, OSWE, OSCE, CISSP, CEH, GPEN, GWAPT, or similar are highly desirable.

Experience in developing custom exploits or original vulnerabilities will be an added advantage.

Category: Leadership Jobs

Tags: APIs Automation AWS Azure Bash Burp Suite CEH CI/CD CISSP Cloud Compliance DevSecOps Ethical hacking Exploit Exploits Finance GCP GPEN GWAPT Incident response ISO 27001 Kali Linux Metasploit MITRE ATT&CK Nessus NIST Nmap OSCE OSCP OSWE OWASP Pentesting PowerShell Python Qualys Red team Risk assessment SANS Scripting Security assessment Vulnerabilities

Region: Asia/Pacific
Country: Malaysia
