Talent.com
Lead - Penetration Tester

Lead - Penetration Tester

Axiata Digital LabsKuala Lumpur, Malaysia
30+ days ago
Job type
  • Quick Apply
Job description

Summary

You will be responsible for managing a team of penetration testers, designing and executing complex security assessments, and ensuring the security posture of critical systems and applications across our organization. You will also serve as a subject matter expert in identifying vulnerabilities, providing remediation strategies, and developing threat modeling.

Key Responsibilities

Strategic & Operational Leadership

  • Set the direction and scope of internal and external penetration testing engagements.
  • Develop, refine, and maintain the organizations penetration testing methodology.
  • Align red team activities with business objectives, risk priorities, and threat intelligence.

Team Management

  • Lead, mentor, and coach a team of penetration testers, red teamers, and offensive security analysts.
  • Conduct regular 1-on-1s, career development planning, and performance evaluations.
  • Build a collaborative and high-performing team culture with continuous skills development.

    • Planning & Execution Oversight

  • Oversee project timelines, resource allocation, and task delegation.
  • Ensure timely delivery of assessments and reporting within defined SLAs.
  • Manage team workflows using Agile or structured project management frameworks.

    • Quality Assurance & Reporting

  • Review and approve penetration testing reports for clarity, accuracy, and risk relevance.
  • Ensure all tests are conducted ethically, legally, and in line with organizational policy.
  • Maintain consistency in reporting formats, severity ratings, and risk classifications.

    • Technical Guidance & Escalation

  • Provide hands-on support in complex testing scenarios (e.g., privilege escalation, advanced persistence).
  • Serve as the go-to expert in bypassing modern defenses (EDR, WAF, MFA, etc.).
  • Troubleshoot and advise during real-time engagements or red / purple team exercises.

    • Continuous Improvement

  • Stay current with threat trends, TTPs (MITRE ATT&CK), and industry frameworks (OWASP, PTES, NIST).
  • Recommend new tools, scripts, and techniques to keep the team ahead of emerging threats.
  • Introduce automation, playbooks, and reusable exploits to improve testing efficiency.

    • Training & Development

  • Develop internal training modules, labs, and tabletop exercises.
  • Support certifications and knowledge-sharing within the team (e.g., OSCP, OSCE, CRTO).
  • Organize internal red team simulations, capture-the-flag (CTF) challenges, or lab walkthroughs.

    • Stakeholder Communication

  • Present technical findings and risk assessments clearly to non-technical stakeholders.
  • Interface with IT, development, SOC, and compliance teams to coordinate remediation efforts.
  • Participate in executive briefings or incident response drills where red team input is required.

    • Compliance & Documentation

  • Ensure testing procedures align with regulatory frameworks (ISO 27001, PCI-DSS, NIST).
  • Maintain documentation for all tools, payloads, testing infrastructure, and evidence handling.
  • Establish safe testing protocols to avoid disruption or unintentional damage during engagements.
    • Create a job alert for this search

    Penetration Tester • Kuala Lumpur, Malaysia