Specialist, Offensive Security, Cyber Security

Academic Qualifications: Bachelor's or master's degree in cyber security, engineering, or computer science.

Experience:

• At least 10 years of hands-on experience in these fields with strong knowledge of IT
• security assessment and emerging threats. Strong knowledge of exploit code development, IT
• infrastructure, system and application implementation and administration is an advantage.
• Plan, manage, and coordinate offensive security assessments across endpoints, networks, identity systems, applications, and cloud environments.
• Administer penetration testing, red‑team assessments, and security control validation exercises based on real‑world threat scenarios and threat intelligence.
• Develop and maintain adversary emulation methodologies and testing plans using frameworks such as MITRE ATT&CK and threat‑modelling practices.
• Analyze assessment findings and prepare reports with actionable recommendations to improve detection, prevention, and response capabilities.
• Collaborate with Threat Intelligence, Detection Engineering, and SOC teams to align offensive security activities with high‑risk threat actor TTPs.
• Translate threat intelligence into attack paths to validate the effectiveness of security controls and monitoring capabilities.
• Maintain procedures, methodologies, and guidelines for threat‑informed defense and security control validation.
• Engage with control owners, SOC personnel, IT teams, and other stakeholders to improve detection, response, and remediation effectiveness.
• Communicate and escalate key findings to senior management and impacted teams with structured reporting and risk prioritization.
• Manage third‑party vendors and service providers involved in offensive security assessments, ensuring performance meets SLAs and KPIs.
• Coordinate resource planning, scheduling, and tool utilisation for offensive security activities.
• Maintain accurate documentation for audit, governance, and compliance requirements related to offensive security activities.
• Monitor developments in offensive security tools, techniques, and threat actor behaviours to update testing methodologies.
• Collaborate with internal teams, industry peers, and cybersecurity communities to benchmark and improve offensive security capabilities.
• Monitor compliance with IT security policies, regulatory standards, and internal governance frameworks.
• Perform special assessments, investigations, or assignments requested by senior leadership, ensuring timely and accurate completion.
• Casual attire
• Hot desk environment
• Statutory deductions
• Commission incentives
• Annual leave
• Dental allowance
• Optical allowance
• Panel clinic
• Life insurance
• Attendance bonus
• Learning incentive
• Medical Benefits
• EPF SOCSO