Senior Penetration Tester
Taipei, Taiwan
StraitsX
StraitsX is the payments infrastructure for digital assets in Southeast Asia and issues XSGD, XUSD, and XIDR, the Singapore Dollar, U.S Dollar & Indonesian Rupiah stablecoins.About the Role
We are looking for a Security Engineer who will support both penetration testing efforts and in-house development of security tooling. The ideal candidate has solid programming experience and a strong foundation in identifying, analyzing, and remediating vulnerabilities across applications, networks, and systems. In addition to testing responsibilities, this role will contribute to the development and maintenance of internal InfoSec tools, and serve as a technical advisor during forensic investigations.
What You Will Do
- Conduct penetration tests on internal and external systems, applications, and infrastructure.
- Develop, improve, and maintain custom security tools for internal use.
- Provide technical expertise and guidance during forensic investigations and incident analysis.
- Document test results and forensic findings with actionable recommendations.
- Collaborate with engineering, infrastructure, and compliance teams to drive security improvements.
- Stay informed of current security trends, vulnerabilities, and exploits.
What We Are Looking For
- Bachelor's or Master's degree in Computer Science, Information Security, or related fields.
- Solid programming skills (e.g., Golang, Python, JavaScript, or others).
- Proven experience in penetration testing (web, mobile, and/or network).
- Certifications such as **OSCP** or **CREST** are mandatory.
- Knowledge of security frameworks (e.g., OWASP Top 10, NIST, CIS).
- Ability to analyze incidents and provide forensic guidance.
- Strong problem-solving and communication skills.
Nice to Haves
- Familiarity with Golang is a plus.
- Experience in code review, secure coding practices, and threat modeling.
- Additional certifications such as OSCE, CEH, or GCIH.
- Experience with CI/CD integration for security tools or automated testing.
- Exposure to cloud or container security (AWS, GCP, Docker, Kubernetes).
- Involvement in CTFs, bug bounties, or open-source security projects.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: AWS CEH CI/CD Cloud Compliance Computer Science CREST Docker Exploits GCIH GCP Golang JavaScript Kubernetes NIST OSCE OSCP OWASP Pentesting Python Vulnerabilities
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.