PENETRATION TESTER - GOVT CLEARANCE

Job Overview

We seek a Penetration Testing with CAT1 clearance to lead VAPT for Singapore government and critical infrastructure sectors. You will execute full-scope attacks (networks, apps, cloud, OT), bypass advanced defenses, and deliver actionable remediation strategies. This role requires CREST/OSCP certification, deep exploit development skills, and experience with GovTech cybersecurity frameworks.

Core Responsibilities

Advanced Threat Emulation:

1. CAT1-cleared engagements:

2. Network: Breach segmented govt networks (e.g., air-gapped systems)

3. Applications: Exploit web/mobile apps (SCADA interfaces, GovTech portals)

4. Cloud: Attack AWS GovCloud/Azure Government environments

5. OT: ICS/SCADA system penetration (Siemens, Rockwell)

6. Develop custom malware/exploits (C++, Python) to evade EDR/XDR.

Red Team Operations:

1. Lead multi-vector campaigns:

2. Phishing (Evade Proofpoint/MS ATP)

3. Physical security bypass (RFID cloning, access control spoofing)

4. Wireless attacks (802.1X, WPA3-Enterprise)

5. Document TTPs aligned with MITRE ATT&CK for ICS/Enterprise.

Govt Compliance & Reporting:

1. Align tests with IM8, CSA Red Teaming Guidelines, and NIST SP 800-115.

2. Deliver executive briefings to CISOs with exploit demos.

3. Create remediation playbooks

Research & Development:

1. Reverse engineer firmware (Binwalk, Ghidra) for 0-day discovery.

2. Contribute to ASEAN CERT advisories (e.g., SingCERT).

Technical Requirements

Non-Negotiable Credentials

1. CAT1 Security Clearance

2. Active Certifications: OSCP or CREST CRT/CCT (Inf/App)

3. 2+ years in pentesting

Tool Proficiency

1. Exploitation - Metasploit Pro, Cobalt Strike, Burp Suite Pro, PowerSploit

2. Post-Exploit - BloodHound, Mimikatz, Impacket, Covenant C2

3. Forensics - Volatility, Wireshark, CHIRP (ICS)

4. Wireless - HackRF One, Proxmark3, Wi-Fi Pineapple

5. Cloud - Pacu (AWS), MicroBurst (Azure), GCP IAM Exploit Toolkit

Preferred Qualifications

1. Certifications: OSCE³, CREST CCT Gold, OSCP

2. Govt Framework Experience: IM8 Penetration Test Guidelines, CSA Cyber Essentials

3. Public Contributions: CVEs, exploit-db submissions, conference talks (Black Hat Asia, DEFCON)