Penetration Tester

Who we are

S-RM is a global intelligence and cyber security consultancy. Since 2005 weve helped some of the most demanding clients in the world solve some of their toughest information security challenges.

Weve been able to do this because of our outstanding people. Were committed to developing sharp curious driven individuals who want to think critically solve complex problems and achieve success.

But we also know that work isnt everything. Its about the lives and careers it helps us build. Were immensely proud of thiscultureand we invest in our peoples wellbeing learning and ideas every day.

Were excited youre thinking about joining us.

Working in cyber at S-RM

Our Cyber Security team is the fastest-growing part of S-RM. The cyber sector is always evolving andourManaged ServicesRisk & Resilience andIncident Responsepractices are in more demand than ever.

Were building a team to meet this challenge. Were quick to respond innovate and improve. We dont get too hung up on hierarchy or bureaucracy. If your ideas are good enough well empower you to implement them. If youre the best person to talk to a customer youll get that opportunity regardless of the title in your email signature. And when you need a hand your team will always have your back.

We also dont believe theres a typical cyber security professional. Weve built a team of intelligence analysts technical specialists software developers investigators risk managers and more. Youll always find a range of perspectives and expertise to help you learn and grow.

If that sounds like your kind of team wed like to hear from you.

The role

Offensive Security Analysts support our delivery consultants running our offensive security services. They help to interpret client challenges innovate solutions and deliver findings. Our aim is to become trusted advisors to our clients.

You will work across the full spectrum of our pentesting services whether point in time or continuous as well as participate in larger engagements such as red teams. You will help our clients to build cyber resilience enhance their understanding of the threat landscape and become better prepared to face dynamic and evolving security risks.

1.1 MAIN DUTIES AND RESPONSIBILITIES

Client Engagement and Account Management

• Engage with clients to understand their cyber security challenges

• Translate client challenges into solutions that fit S-RMs Offensive Security service offering and value proposition

• Develop an understanding of delivery timelines project resourcing requirements and pricing

• Understand S-RMs proposal process and lead on proposal writing and presentations in some cases

• Contribute to the expansion of client accounts and winning of new business

• Gain an understanding of S-RMs target sectors and industries

Offensive Security

• Penetration testing

  • Vulnerability assessments and monitoring

  • External infrastructure

  • External Attack Surface Management

  • Web application

  • API pentesting

  • Phishing and spear phishing

  • Internal pentesting

  • Mobile application pentesting (Android and iOS)

  • OT Pentesting

  • IOT Pentesting

  • Cloud Pentesting

  • Open-Source Intelligence (OSINT) gathering

• Configuration Reviews

  • Cloud configuration review

  • Application configuration review

  • Hardware build review

  • Firewall review

• Delivery & Client communications

  • Deliver findings in a range of formats including written reports presentations and verbal briefings

• Threat Intelligence

  • Keep abreast of threat intelligence developments threat actor activity and security industry developments in mitigations and tooling

  • Develop and deliver client threat profiles threat assessments and dark web analysis

Project Management

• Support vCISO engagements accessing the full range of S-RMs resources and expertise

• Collaborate with incident response ethical hacking and digital forensics teams to integrate our services and support to clients

• Support the delivery of retainer relationships

• Support the delivery of the Attack Surface Management (ASM) service

Internal Initiatives and Strategy

• Support internal initiatives on product development process management tech enablement efficiency and exploring different ways to support clients

• Contribute to the adaption of security frameworks to create innovative products

• Challenge received wisdom and existing products and services. Suggest alternative approaches where appropriate

  • Develop documentation and evolve the testing methodologies where applicable

Professional Development and Domain Knowledge

• Commit to continuous professional development and personal knowledge improvement across the full range of cyber security competencies in line with personal utilisation targets (see Objectives)

• Complete up to one formal training course over the financial year. This is beyond internal training sessions

• Share knowledge with the wider team in line with company values including contributing to internal training initiatives and programmes

Our benefits

We offer thoughtful balanced rewards and support to help our people do their best work and live their lives outside it including:

• 20 days paid holiday each year: in addition to public holidays as well as 1 additional day of leave for every year you work at S-RM up to a maximum of 5 days.
• Flexible working: work a minimum of two days a week in the office and the remainder remotely choose your hours between 7am and 7pm.
• Pension scheme: S-RM contributes to Employees Provident Fund (EPF) in accordance with legislative requirements.
• Life Insurance: help someone you love should something happen to you. (Further details coming soon.)
• Company-paid private medical and dental insurance. (Further details coming soon.)
• Company-paid maternity paternity and fertility treatment leave.
• Employee Assistance Programme: free access to specialist support services including counselling as well as an online portal of useful articles tips and tools. Available 24/7 365 days a year.
  
  The role will be based in our office in Kuala Lumpur. However we have flexible working arrangements available.