CrawlJobs Logo
Citi Logo Citi · IT - Software Development

Application Penetration Tester

Singapore, Singapore · Job Posted December 31, 2025
Apply Position
Job Link Share

Job Description

We’re currently looking for a high caliber professional to join our team as AVP Application Penetration Tester based in Singapore. Being part of our team means that we’ll provide you with the resources to meet your unique needs, empower you to make healthy decision and manage your financial well-being to help plan for your future.

Job Responsibility

  • Act as a subject matter expert in offensive information security performing grey and black box application reviews, programming, networking, operating systems, and databases
  • Drive remediation by outlining a defense-in-depth approach to business stakeholders and providing strategic solutions to developers on effective security controls and counter measures
  • Report and articulate the vulnerability assessment results to any audience
  • Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation
  • Conduct vulnerability assessments on a variety of Citi applications (Web, Mobile, Thick Client, and APIs) by performing automated scan and manually identifying, researching, validating, and exploiting various known and unknown application security vulnerabilities

Requirements

  • Penetration testing expertise in application security
  • Hands-on ethical hacking using security tools (Burp Suite, AppScan, etc.)
  • Knowledge of OWASP Top 10, CWE/SANS Top 25, Threat Modeling
  • Understanding application architecture, design and functionalities
  • Strong foundation on information security
  • Experienced in application vulnerability assessment
  • Bachelor’s Degree
  • Minimum of 2 years of experience
  • Must have or be willing to obtain Industry-accredited security certifications (GIAC GWAPT, GPEN, OSCP, CISSP)
  • Strong technical writing and presentation skills

What we offer

  • Extensive on-the-job training and exposure to senior leaders
  • Traditional learning
  • Chance to give back and make a positive impact through volunteerism
  • Resources to meet your unique needs
  • Empowerment to make healthy decision and manage your financial well-being to help plan for your future
Citi - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Application Penetration Tester

8 matching positions

Application Penetration Tester

We are looking for security engineer who loves solving interesting problems and ...
Location
Location
Poland , Warszawa
Salary
Salary:
Not provided
https://www.bosch.pl/ Logo
Robert Bosch Sp. z o.o.
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum 5 years of combined experience in penetration testing and security engineering roles
  • Professional certifications such as OSCP, CEH, CISSP, CISM, or equivalent
  • Advanced level of understanding of OWASP Top 10, CVE, general security controls, and other foundational topics such as the latest web application system exploits
  • Attacker mindset for breaking the websites with practical knowledge of OWASP
  • Commanding knowledge of VAPT concepts and best practices, including the requirements for WhiteHat/ethical hacking
  • Expert understanding of the difference between a vulnerability assessment and a penetration test in the context of assessment scope, objectives, and deliverables
  • In depth experience with common automated VAPT tools such as Nessus, Burp Suite
  • Proficiency with other common attack tools and frameworks such as Wireshark, Kali, Metasploit, etc.
  • Working knowledge of DevSecOps, CIS Security benchmarks, scripting languages (Python, PowerShell, Bash) for automation
  • Fluent English (both verbal and written)
Job Responsibility
Job Responsibility
  • Black-box and Grey Box penetration test applications
  • Security testing including reverse engineering of Mobile applications (Android and iOS)
  • Create innovative attacks tools/automations for project specific needs
  • Communicate complex vulnerability results to technical and non-technical audience
  • Perform research and contribute to open-source community on new attack methodology, vulnerability findings
  • Scope penetration tests and contribute to penetration test project management
What we offer
What we offer
  • Competitive salary + annual bonus
  • Hybrid work with flexible working hours
  • Referral Bonus Program
  • Copyright costs for IT employees
  • Private medical care and life insurance
  • Cafeteria System with multiple benefits (incl. MultiSport, shopping vouchers, cinema tickets, etc.)
  • Prepaid Lunch Card
  • Number of benefits for families (for instance summer camps for kids)
  • Non-working day on the 31st of December
  • Fulltime
Read More
Arrow Right

Penetration Tester / Application Security Engineer

We are looking for a skilled Penetration Tester / Application Security Engineer ...
Location
Location
Mexico , Monterrey
Salary
Salary:
545000.00 USD / Year
realign-llc.com Logo
Realign
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Penetration testing - Kali Linux, Nessus, Code Review, SAST and DAST
  • Perform penetration testing on web applications, APIs, networks, and infrastructure using Kali Linux tools
  • Conduct vulnerability assessments using tools like Nessus and analyze risk levels
  • Perform manual and automated code reviews to identify security flaws and insecure coding practices
  • Execute SAST (Static Application Security Testing) to detect vulnerabilities in source code early in the SDLC
  • Perform DAST (Dynamic Application Security Testing) on running applications to identify runtime vulnerabilities
  • Identify and exploit security weaknesses such as OWASP Top 10 vulnerabilities
  • Document findings, create detailed penetration testing reports, and provide remediation recommendations
  • Work closely with developers, DevOps, and QA teams to fix vulnerabilities and improve secure coding practices
  • Validate fixes through re-testing and regression security testing
  • Fulltime
Read More
Arrow Right

Penetration Tester, Vector Command, Social Engineering Specialist

Do you enjoy attacking networks? Do you enjoy sifting through large amounts of a...
Location
Location
United Kingdom
Salary
Salary:
Not provided
rapid7.com Logo
Rapid7
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years in an active technical security role
  • Strong knowledge of the following: Advanced Social engineering techniques and tactics
  • Infrastructure management and deployment (domain records, web servers, terraform, ansible, phishing website creation).
  • Modern penetration testing tools and methods
  • Network, wireless and web application security concepts
  • Experience using interpreted languages (Ruby, Python, PHP, etc.)
  • Knowledge of common regulatory structures and obligations and common I.T. governance.
  • Bug Bounty experience, identifying novel vulnerabilities in arbitrary internet-facing attack surfaces
  • Certifications such as OSCP, OSCE, GXPN, OSEE, CREST
  • Experience with Red & Purple Teams
Job Responsibility
Job Responsibility
  • Design social engineering campaigns which function at scale, supporting numerous customers each month, emulating modern adversary TTPs
  • Deploy, configure, and maintain social engineering infrastructure to perform phishing operations at scale
  • Perform manual and automated reconnaissance at scale to identify targets for social engineering operations each month
  • Leverage external network vulnerabilities reported by Vector Command team members in targeted real-world social engineering attacks (incorporate subdomain takeovers, cross-site scripting, etc. into campaigns)
  • Research the latest techniques in social engineering and implement them in monthly campaigns
  • Research and test methods to bypass social engineering defenses such as email filters, download restrictions, multi-factor authentication mechanisms, etc. Be an expert in sending phishing emails which make it to the client’s inbox
  • Design and execute vishing campaigns
  • Incorporate payloads provided by the Red Team lead into phishing and vishing operations
  • Upon successful credential breach or payload execution, evaluate the impact and coordinate with Vector Command team members for post-compromise breach simulation
  • Collaborate closely with a team of Red Team operators, participating in daily meetings to establish attack objectives and operational direction
  • Fulltime
Read More
Arrow Right

Security Engineer / Penetration Tester

Conduct security audits and penetration testing on all web application projects ...
Location
Location
Vietnam , Da Nang
Salary
Salary:
Not provided
saigontechnology.com Logo
Saigon Technology
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 1-3 years of experience in application security, penetration testing, or security engineering (Junior to Middle level)
  • Solid understanding of OWASP Top 10 and common web application vulnerabilities (SQLi, XSS, CSRF, SSRF, IDOR, authentication and session flaws, insecure deserialization)
  • Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, Nmap, sqlmap, Metasploit
  • Ability to perform manual penetration testing of web applications and REST APIs (black-box and grey-box)
  • Good understanding of authentication, authorization, encryption (TLS, hashing, JWT), and secure coding principles
  • Ability to write clear, actionable security audit reports in English
  • Strong analytical and problem-solving skills, ownership mindset
Job Responsibility
Job Responsibility
  • Conduct security audits and penetration testing on all web application projects we are implementing for our clients to ensure no security risks before production release
  • Perform vulnerability assessments, security code reviews, and threat modeling across all client projects
  • Collaborate with development teams to remediate identified security issues and provide secure coding guidance
  • Document findings in detailed security audit reports with reproducible steps and recommended fixes
  • Support manager to build, maintain, and improve internal security testing checklists, tools, and processes
  • Research and keep up-to-date with the latest security threats, CVEs, and best practices
  • Support pre-release security sign-off as part of the production release process
What we offer
What we offer
  • 13th-month salary, salary review twice/year and project bonus
  • Bonus programs for candidate referral, technical article writing
  • Allowance for sickness, maternity, paternity and periodic health examination
  • PVI health care program
  • The staff of the quarter and year reward
  • A professional English-speaking working environment with Agile – Scrum model
  • Hybrid Working Model: Flexible working time and WFH support
  • Annual company trip and regular team-building parties, party celebration (Christmas, Birthday, Mid-autumn,...), Sports clubs (football, badminton, swimming …)
  • Sponsor examination fee for professional certificates (AWS, Azure, IELTS, PMP, Scrum Master,...)
  • Sponsor fee for joining any technical training sessions and courses
  • Fulltime
Read More
Arrow Right

Penetration Tester

We’re Fever, the world’s leading tech platform for culture and live entertainmen...
Location
Location
Argentina
Salary
Salary:
Not provided
https://feverup.com/fe Logo
Fever
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's or Master’s Degree in Computer Science, Information Security, or another similar relevant degree (or equivalent experience in a Cybersecurity role)
  • 4+ years of hands-on experience in the Offensive Security area, such as penetration testing
  • Strong knowledge about cloud security environments (AWS, microservices, SaaS applications, cryptography, etc)
  • Detailed knowledge of global cyber threats, including tactics, techniques, and procedures used by cyber adversaries
  • Solid understanding of hardware, web, network protocols, APIs, security issues, common attacks (OWASP Top 10), etc
  • Experience in developing security tooling and automation
  • Professional proficiency in English
  • Analytical skills, autonomy, and accountability
  • Good communication skills
Job Responsibility
Job Responsibility
  • Conducting high-quality application and infrastructure penetration tests independently, or as part of a team
  • Perform technical reviews and assessments of new systems and features
  • Document and communicate findings, including identified vulnerabilities, exploitation techniques, and recommended remediation steps in clear and concise reports
  • Coordinate and monitor the remediation of penetration testing findings
  • Effectively communicate findings at both the technical and executive levels
  • Configure and safely use hacking tools, tactics, and procedures against authorized targets
  • Contributing to team tooling, innovation, and improvements
What we offer
What we offer
  • Attractive compensation package consisting of base salary and the potential to earn a significant bonus for top performance
  • Stock options
  • Opportunity to have a real impact in a high-growth global category leader
  • 40% discount on all Fever events and experiences
  • Osde 410 as medical insurance
  • Home office friendly
  • Responsibility from day one, and professional and personal growth
  • Great work environment with a young, international team of talented people to work with
  • English Lessons
  • Gympass
  • Fulltime
Read More
Arrow Right

Cybersecurity Penetration Tester (Traditional) - SME

CYBERSECURITY PENETRATION TESTER (TRADITIONAL) - SME LOCATION: Eglin AFB, FL J...
Location
Location
United States , Eglin AFB
Salary
Salary:
Not provided
astrion.us Logo
Astrion
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Demonstrated subject matter expertise in penetration testing of DoD systems
  • depth of knowledge and operational experience rather than a specific degree or years-of-service threshold is the primary qualifying criterion
  • Active Secret clearance required
  • must be able to obtain and maintain a Top Secret clearance. U.S. Citizenship required
  • Must meet DOD 8140 Cyber Workforce Foundational Qualification requirements prior to the commencement of work
  • Expert-level proficiency with modern penetration testing tools, frameworks, and methodologies as applied to DoD operational environments
  • Advanced experience testing and exploiting web applications, including complex authentication mechanisms, API attack surfaces, and application logic flaws
  • Exceptional analytical and creative problem-solving skills, including the ability to develop novel attack paths against hardened or previously untested systems
  • Outstanding organizational, decision-making, and written and verbal communication skills - including the ability to present complex technical findings to senior DoD leadership and program offices
  • Demonstrated ability to independently lead, scope, plan, execute, and report on large-scale or high-visibility penetration test events
Job Responsibility
Job Responsibility
  • Serve as the program's primary technical authority on penetration testing, providing definitive guidance on methodology, tooling, scope, and risk assessment decisions
  • Conduct highly complex and independent penetration tests against DoD systems, networks, applications, and platforms - including novel or first-of-kind targets
  • Lead the development of advanced test tools, custom exploits, and strategic testing frameworks tailored to DoD cybersecurity evaluation requirements
  • Perform in-depth system security analysis to identify and characterize vulnerabilities across operating systems (Windows, Linux, Unix), software, and databases (Apache, SQL Server, Oracle, etc.)
  • Mentor and technically develop senior and mid-level penetration testers, elevating overall team capability and ensuring consistency of tradecraft
  • Establish and maintain quality standards for test documentation, findings reporting, and evidence collection across the team
  • Translate complex technical findings into clear, actionable reports and briefings for both technical audiences and senior non-technical DoD stakeholders (written and oral)
  • Provide authoritative technical leadership in the management, planning, and execution of Cooperative Vulnerability Identification (CVI), Adversarial Cyber Defense (ACD), and Cooperative Vulnerability and Penetration Assessment (CVPA) events
  • Collaborate directly with DoD Program Offices to define test scope, negotiate rules of engagement, assess mission risk, and present findings at program-level reviews
  • Identify and advocate for adoption of emerging tools, techniques, and threat-informed testing approaches relevant to DoD operational environments
What we offer
What we offer
  • Competitive salaries
  • Continuing education assistance
  • Professional development
  • Multiple healthcare benefits package options
  • 401K with employer matching
  • Competitive time off policy along with a federally recognized holiday schedule
  • Fulltime
Read More
Arrow Right

Senior Penetration Tester

NTT DATA Inc is expanding its internal cybersecurity capabilities and is seeking...
Location
Location
Romania , Bucuresti
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years in penetration testing across web apps, APIs, containers, networks, OS, databases, and cloud platforms
  • Strong experience in technical writing and producing detailed security reports
  • Deep understanding of offensive security operations and secure development practices
  • Familiar with OWASP Top 10, NIST, CIS, MITRE ATT&CK, and threat actor methodologies
  • Skilled in scripting languages: Python, PowerShell, Ruby, Bash
  • Advanced exploit development and evasion techniques
  • Proficient in tools: Kali, Metasploit, Nessus, Nuclei, Nmap, Burp Suite, PowerSploit, Impacket
  • Flexible, analytical, and adaptable
  • degree or certifications (OSCP, OSEP, etc.) preferred but not required
Job Responsibility
Job Responsibility
  • Perform network penetration, web application testing, source code reviews, threat analysis, and social-engineering assessments
  • Develop scripts, tools, or methodologies to enhance NTT DATA, Inc's Purple Team and Security Operations capabilities
  • Monitor available open source intelligence feeds for any NTT DATA related information
  • Develop detailed threat models
  • Thoroughly document techniques, tactics and proofs of concept used during security testing and red team exercises
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences
  • Fulltime
Read More
Arrow Right

Penetration Tester

We are looking for an experienced Penetration Tester to join our team. This role...
Location
Location
United States , Charleston
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum of 3–5 years of hands-on experience in penetration testing across various platforms and systems
  • Strong understanding of network security principles, application security, and common attack methods
  • Proficiency with tools like Burp Suite, Nmap, Metasploit, and other standard penetration testing frameworks
  • Expertise in Active Directory assessments and internal environment security
  • Solid knowledge of authentication protocols, encryption practices, and secure software development
  • Familiarity with CI/CD processes and integrating security measures into development workflows
  • Excellent communication skills, with the ability to present findings effectively to diverse audiences
  • Commitment to staying informed about the latest cybersecurity trends and technologies
Job Responsibility
Job Responsibility
  • Conduct comprehensive penetration tests on internal networks, external systems, web applications, mobile platforms, and APIs
  • Identify and analyze security vulnerabilities, providing actionable recommendations to mitigate risks
  • Utilize industry-standard tools such as Burp Suite, Nmap, Metasploit, and MobSF to perform assessments
  • Perform in-depth evaluations of Active Directory structures, including privilege escalation and lateral movement strategies
  • Assess authentication mechanisms and encryption methods to ensure secure coding practices are in place
  • Collaborate with development teams to integrate security testing tools into CI/CD pipelines
  • Prepare detailed reports on findings, presenting technical information to both technical and non-technical stakeholders
  • Stay updated on emerging attack vectors and security techniques to enhance testing methodologies
  • Assist in developing strategies to improve overall security frameworks and protocols
What we offer
What we offer
  • medical
  • vision
  • dental
  • life and disability insurance
  • company 401(k) plan
Read More
Arrow Right