Test Manager - Application Security & Penetration Testing

Malaysia, Kuala Lumpur Employment contract · Job Posted May 17, 2026

Job Description

The Manager, Application Security is responsible for strengthening our enterprise application security posture. This is a hands-on individual contributor role responsible for performing penetration testing, secure code review, software composition analysis, container image assurance, and vulnerability assessments, as well as managing findings and supporting compliance with financial industry regulations. The role requires strong technical expertise, practical testing skills, and familiarity with regulatory requirements such as MAS TRM Guidelines and BNM RMiT Policy Document.

Job Responsibility

  • Conduct penetration testing for web, mobile, and API applications
  • Perform secure code reviews, software composition analysis, and container image assurance to identify vulnerabilities early in the SDLC
  • Perform vulnerability assessments for applications, middleware, and supporting systems
  • Utilise industry-standard tools such as Burp Suite, OWASP ZAP, Fortify, Checkmarx, Black Duck, Nessus, Aqua and Qualys
  • Triage, validate, and prioritise security findings from security assessments
  • Work with development, DevOps, and infrastructure teams to ensure timely remediation
  • Track and report remediation progress, ensuring closure within timelines required by regulatory instruments and Technology Security Standards
  • Provide guidance to developers and project teams on secure coding practices
  • Embed application security controls and tools (SAST, DAST, SCA, IAST) into CI/CD pipelines
  • Maintain security documentation and provide evidence for audits and regulatory reviews
  • Ensure compliance with internal policies, regulatory obligations, and industry best practices
  • Support audits, risk assessments, and regulatory inspections involving application security

Requirements

  • Bachelor’s degree in Information Security, Computer Science, or a related field
  • Professional certifications such as CREST, OSCP+, OSEP, or GPEN
  • 7+ years of IT security experience, with at least 4 years of direct experience in project-based and annual penetration testing for web, mobile, and API applications
  • Experienced in secure code reviews, software composition analysis, container image assurance, and vulnerability assessments
  • Strong technical knowledge of web, mobile, and API security, including OWASP Top 10 and common attack vectors
  • Hands-on expertise with security testing tools
  • Working knowledge of MAS TRM, MAS Cyber Hygiene, and BNM RMiT requirements

Similar Jobs for

Test Manager - Application Security & Penetration Testing

Test Manager - Application Security & Penetration testing

The Test Manager for Application Security and Penetration Testing will enhance t...
Location: Malaysia, Kuala Lumpur
Salary: Not provided
Company: NTT DATA
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree in Information Security, Computer Science, or a related field
  • Professional certifications such as CREST, OSCP+, OSEP, or GPEN
  • 7+ years of IT security experience, with at least 4 years of direct experience in project-based and annual penetration testing for web, mobile, and API applications
  • Experienced in secure code reviews, software composition analysis, container image assurance, and vulnerability assessments
  • Strong technical knowledge of web, mobile, and API security, including OWASP Top 10 and common attack vectors
  • Hands-on expertise with security testing tools mentioned above
  • Working knowledge of MAS TRM, MAS Cyber Hygiene, and BNM RMiT requirements
Job Responsibility
  • Conduct penetration testing for web, mobile, and API applications
  • Perform secure code reviews, software composition analysis, and container image assurance to identify vulnerabilities early in the SDLC
  • Perform vulnerability assessments for applications, middleware, and supporting systems
  • Utilise industry-standard tools such as Burp Suite, OWASP ZAP, Fortify, Checkmarx, Black Duck, Nessus, Aqua and Qualys
  • Triage, validate, and prioritise security findings from security assessments
  • Work with development, DevOps, and infrastructure teams to ensure timely remediation
  • Track and report remediation progress, ensuring closure within timelines required by regulatory instruments and Technology Security Standards
  • Provide guidance to developers and project teams on secure coding practices
  • Embed application security controls and tools (SAST, DAST, SCA, IAST) into CI/CD pipelines
  • Maintain security documentation and provide evidence for audits and regulatory reviews
  • Fulltime

Security Engineer, Application Security

As a Security Engineer, Application Security you will be responsible for identif...
Location: United States, San Francisco; Seattle; New York City
Salary: 260000.00 - 385000.00 USD / Year
Company: OpenAI
Expiration Date: Until further notice
Requirements
  • Extensive experience in information security, cybersecurity, or a related field, with a significant portion of that experience in leadership or management roles
  • Deep understanding of security technologies, tools, and best practices, including experience with secure coding practices, threat modeling, risk assessments, and incident response
  • Experience in application security, software development, or related areas with a strong understanding of secure coding practices and application security frameworks
  • Proficiency in programming languages (such as Python, Java, C++, etc.), knowledge of security tools (e.g., Burp Suite, OWASP ZAP), and familiarity with security protocols and encryption methods
  • Strong written and verbal communication skills, with the ability to explain complex security issues to both technical and non-technical audiences
Job Responsibility
  • Perform Security Assessments: Conduct regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software
  • Develop and Implement Security Tools: Design, develop, and implement security tools, frameworks, and methodologies to protect applications against security threats
  • Collaborate with Development Teams: Work closely with development teams to ensure security best practices are integrated throughout the software development lifecycle (SDLC), including secure coding guidelines
  • Threat Modeling and Risk Assessment: Conduct threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies
  • Vulnerability Management: Track, analyze, and manage vulnerabilities in applications, providing guidance and support for remediation efforts
  • Incident Response Support: Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation of incidents
  • Stay Current on Security Trends: Continuously stay updated on the latest security threats, vulnerabilities, and technologies to enhance security measures in applications
What we offer
  • Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
  • 401(k) retirement plan with employer match
  • Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
  • Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
  • 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick and safe time (1 hour per 30 hours worked)
  • Mental health and wellness support
  • Employer-paid basic life and disability coverage
  • Annual learning and development stipend to fuel your professional growth
  • Daily meals in our offices, and meal delivery credits as eligible
  • Fulltime

Senior Security Engineer - Application Security

This is an opportunity to join K's critical InfoSec team as a Senior Security En...
Location: United States, New York
Salary: 150000.00 - 185000.00 USD / Year
Company: K Health
Expiration Date: Until further notice
Requirements
  • 5+ years of experience in Information Security, Cloud Security, IT Security, and/or Application Security
  • Strong expertise in cloud technology (AWS, GCP, or Azure), modern programming languages, utilization of generative coding utilities, and the security implications of utilizing AI code development utilities
  • Demonstrated experience researching, establishing, and successfully rolling out enterprise-wide security policies and guidelines
  • Proven experience establishing a cutting-edge security posture, particularly within the regulated healthcare technology field
  • Excellent communication skills, capable of translating complex security risks into clear, actionable advice for technical and non-technical stakeholders
  • Expertise in compliance, security, and regulatory areas such as HIPAA, PHI, AKS, SOC 2, ISO, GDPR, etc.
  • Flexibility in covering a rotation for critical on-call support responsibilities
Job Responsibility
  • Lead the development and implementation of robust application security protocols throughout the entire Software Development Lifecycle (SDLC)
  • Design, deploy, and continuously monitor cloud security architecture across our cloud environments, ensuring performance and resilience
  • Manage the security posture of K’s core IT infrastructure, internal networks, and perimeter defenses, mitigating threats before they impact operations
  • Ensure adherence to relevant healthcare regulatory and compliance requirements (e.g., HIPAA, GDPR, etc.) across all product lines and systems
  • Conduct proactive vulnerability assessments, penetration tests, and security reviews to identify and remediate potential weaknesses in our platforms
  • Collaborate with engineering teams to integrate security tools and practices into continuous integration/continuous deployment (CI/CD) pipelines
What we offer
  • Hybrid work schedule with weekly lunches and stocked fridges
  • Monthly social committees for company events
  • 18 vacation days, 9 company holidays, 5 sick days, and 2 personal days
  • Stock options for every full-time employee
  • Paid parental leave
  • 401k benefit
  • Commuter Benefits
  • Competitive health, dental, and vision insurance options
  • Fulltime

Cyber Security Manager

Robert Half is proactively recruiting experienced Cyber Security Managers for up...
Location: United States, Charlotte
Salary: Not provided
Company: Robert Half
Expiration Date: Until further notice
Requirements
  • 5+ years of hands-on experience in cybersecurity, systems administration, or network administration
  • Strong background securing Windows and Linux server environments
  • Experience with Microsoft technologies including Azure, Microsoft 365, Defender, Intune, Active Directory, and Azure AD
  • Hands-on experience with SIEM platforms, incident response, vulnerability management, and endpoint security
  • Strong understanding of firewall technologies, network security, VPNs, and infrastructure hardening
  • Experience securing cloud and hybrid enterprise environments
  • Knowledge of compliance frameworks such as NIST, CJIS, CIS Controls, or similar
  • Strong troubleshooting, analytical, and problem-solving skills
  • Previous leadership, supervisory, or project leadership experience
  • Excellent communication skills with both technical and non-technical stakeholders
Job Responsibility
  • Lead enterprise cybersecurity operations across on-premises, hybrid, and cloud environments
  • Monitor and manage security tools including SIEM platforms, endpoint protection, firewalls, and cloud security solutions
  • Lead incident response efforts, conduct investigations, and coordinate remediation activities
  • Oversee vulnerability management, security patching, and risk mitigation initiatives
  • Administer and harden Windows, Linux, cloud, and network environments
  • Manage firewall, VPN, endpoint, identity, and cloud security configurations
  • Develop, maintain, and enforce security policies, standards, and best practices
  • Conduct security audits, penetration testing, risk assessments, and compliance reviews
  • Protect sensitive organizational data through Data Loss Prevention (DLP) and information security controls
  • Collaborate with infrastructure, networking, cloud, and application teams to strengthen enterprise security
What we offer
  • medical
  • vision
  • dental
  • life and disability insurance
  • 401(k) plan
  • free online training
  • Fulltime

Web Application Security Engineer

Our security team is looking for a Web Application Security Engineer to help ass...
Location: Tunisia, Tunis
Salary: Not provided
Company: Medius
Expiration Date: Until further notice
Requirements
  • Engineering degree in Computer Science or related field, or equivalent work experience.
  • Minimum of 5 years of experience with any combination of the following: threat modeling experience, secure coding, pentesting, identity management and authentication, software development, system and network security, authentication and security protocols, cryptography, and application security
  • Strong understanding of web application vulnerabilities and remediation (OWASP Top 10, OWASP Top 10 for LLM, OWASP Top 10 for API, SANS/CWE Top 25)
  • Proven experience in conducting security assessments, penetration testing, and vulnerability management for web applications
Job Responsibility
  • Security by design product features review
  • DevSecOps enforcement
  • Threat modelling
  • SAST and DAST scanning
  • Penetration testing
  • Security training and outreach to development teams
  • Secure development guidance documentation
  • Security tools assessment and development
  • Document security assessments, test results, and remediation plans for internal and external stakeholders
  • Provide regular reports on the security posture of web applications, including vulnerability metrics and risk assessments.
  • Fulltime

Client Information Security Manager (ISM)

The NTT DATA Services Information Security Manager (ISM) oversees and coordinate...
Location: United States, Plano
Salary: Not provided
Company: NTT DATA
Expiration Date: Until further notice
Requirements
  • 12+ years of relevant experience
  • Strong knowledge of standards / regulations impacting information security (e.g., NIST, ISO, PCI)
  • Experience with information security internal & external audits, contract compliance, and quality initiatives
  • Significant experience in identifying and utilizing a global risk based management model.
Job Responsibility
  • Ensure the delivery of information security services to the customer is in compliance with the contract and any applicable standards and regulatory requirements (e.g., PCI, SOX)
  • Collaborate with the client in the definition and implementation of information security policies, strategies, procedures and configurations in order to ensure confidentiality, integrity and availability of client’s environment and data
  • Participate with the customer in the strategic design process to translate security and business requirements into processes and systems
  • Evaluate new / emerging security products and technologies and make recommendations to customer leadership in regards to the security posture impact on the organization
  • Identify, review and recommend information security improvements as they relate to the achievement of the customer’s business goals and objectives
  • Manage and drive remediation efforts related to information security; remediation may be from incidents, penetration tests, vulnerability scans, internal/external audits and Critical Practice assessments
  • Identify information security weaknesses and/or gaps in the customer’s current operations and work with the customer to bring information security operations up to standards
  • Participate and represent IT Security in Delivery/Operational meetings; conduct an information security operational review meeting with account (e.g., Customer Delivery Executive) and customer (e.g., CISO) key stakeholders with topics including information security status and performance
  • Fulltime