Penetration Tester & Vulnerability Assessment - Banking and Finance

1677796
  • Competitive salary based on experience
  • Kuala Lumpur, Malaysia
  • Permanent
  • Enterprise
  • Enterprise Finance


Ready to shape the future of banking in Malaysia?

Join a financial services organisation transforming how individuals and businesses access banking solutions. Drive the delivery of innovative digital platforms, tailored products, and responsive support that simplify daily banking and help clients achieve their long-term goals. Enhance customer journeys by streamlining processes, supporting business and retail clients, and contributing to a culture of integrity, inclusivity, and growth.

Take the next step in your career and help create impactful, customer-focused financial solutions. Apply now!


Responsibilities:

  • Engage with external vendors to conduct penetration tests, including:
    • Internal Penetration Testing
    • External Penetration Testing
    • Firewall Review
    • Wireless Penetration Testing
    • Intelligence-led Penetration Testing
    • Mobile Application Penetration Testing
    • Network Segmentation Penetration Testing
  • Define and document the scope of assessments in collaboration with vendors and internal teams.
  • Ensure penetration testing is conducted in compliance with the bank’s security policies and regulatory requirements.
  • Vulnerability Assessment & Risk Escalation
    • Review and analyze PTVA reports to identify security weaknesses.
    • Categorize and prioritize vulnerabilities based on risk severity and business impact.
    • Escalate findings to application owners and relevant stakeholders, providing necessary technical details and mitigation recommendations.
    • Track and follow up on remediation efforts to ensure vulnerabilities are addressed within the defined timelines.
  • Security Compliance & Governance
    • Ensure that all penetration testing activities comply with relevant cybersecurity standards and regulatory requirements (e.g., PCI DSS, ISO 27001, NIST, Bank Negara Malaysia guidelines).
    • Maintain detailed records of assessments, findings, and remediation actions for audit and compliance purposes.
    • Assist in developing and improving security policies and testing procedures based on assessment outcomes.
    • Prepare and report Key Risk Indicators (KRIs) related to cybersecurity to Bank Negara Malaysia (BNM), ensuring alignment with RMiT (Risk Management in Technology) guidelines.
  • Collaboration & Reporting
    • Work closely with internal security teams, IT teams, and application owners to facilitate security assessments and remediation efforts.
    • Prepare detailed reports on penetration testing results, including risk analysis and recommended actions.
    • Provide management with periodic updates on the status of security assessments and remediation progress.
  • Continuous Security Improvement
    • Stay updated on the latest cybersecurity threats, vulnerabilities, and best practices in penetration testing.
    • Recommend security enhancements based on PTVA findings and industry trends.


Required Skills & Qualifications:

  • Strong knowledge of penetration testing methodologies, tools, and frameworks (e.g., OWASP, NIST, PTES).
  • Understanding of network security, firewalls, wireless security, application security, and network segmentation.
  • Ability to interpret penetration testing results and provide technical guidance for risk mitigation.
  • Familiarity with security compliance standards such as ISO 27001, PCI DSS, and NIST frameworks.
  • Strong analytical and problem-solving skills.
  • Effective communication skills to coordinate with vendors and internal teams.


Salary:

  • Competitive salary based on experience
Till Heinimann Head of Tech Sales APAC
