Penetration Tester / Red Team Engineer

Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade. ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services, governance and assurance services as well as managed processes. In a dynamic digital & cyber landscape where trust & collaboration is key, ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech, government agencies and commercial partners to mitigate cyber risks and bolster security postures.

Key responsibilities:

• Lead penetration testing and red teaming for systems under the CISO’s remit, covering both corporate systems and internal product teams.
• Plan and execute tests for:
• Web, cloud, network and API applications,
• Cloud workloads (e.g. government cloud platforms, containerised workloads, CI/CD paths),
• Data platforms (e.g. data lakes / lakehouses and large-scale analytics platforms),
• Enterprise / internal platforms (e.g. identity, collaboration, and developer tooling, as well as other approved SaaS).
• Identify and validate end-to-end attack paths across identity, endpoints, networks, data platforms and SaaS integrations; document realistic threat scenarios and impact.
• Manage PT engagements with external vendors / programmes (including GBBP or similar):
• Define rules of engagement and scope,
• Prepare environments and access,
• Review reports for depth and quality and consolidate findings for product owners.
• Produce clear, prioritised reports and briefings for engineering teams and management, and support remediation planning, retesting and closure.
• Design and own standard PT environment patterns, including:
• PT workstations and hardened images,
• Appropriate network zones and access controls,
• Realistic but non-sensitive test tenants and seeded datasets.
• Work with infra and central engineering teams to integrate PT tooling and automation where appropriate and ensure sufficient logging / telemetry for red and purple teaming.
• Co-author PT / red team policies and standards within Govtech, and act as implementation lead for product teams.
• Translate policy into practical guidance, templates and checklists so product and platform teams can plan and execute PT in a consistent, compliant way.

• Experience: At least 2 years of hands-on penetration testing (web and API), with exposure to cloud-native / containerised applications, data platforms and/or enterprise SaaS; experience working with SOC or on purple teaming is a plus.
• Technical skills: Strong grasp of common attack techniques (e.g. OWASP, cloud/API), solid PT tooling skills, and working knowledge of web, network and cloud security; able to read and reason about code and infrastructure.
• Qualifications: OSCP is required (or clearly equivalent demonstrated skill level); other offensive or cloud security certifications are a plus.
• Personal attributes: Clear communicator, comfortable operating as an individual contributor while influencing cross-functional teams, with high integrity and a pragmatic, outcome-focused mindset.

Join us and discover a meaningful and exciting career with Assurity Trusted Solutions!

The remuneration package will commensurate with your qualifications and experience. Interested applicants, please click "Apply Now".

We thank you for your interest and please note that only shortlisted candidates will be notified.

By submitting your application, you agree that your personal data may be collected, used and disclosed by Assurity Trusted Solutions Pte. Ltd. (ATS), GovTech and their service providers and agents in accordance with ATS’s privacy statement which can be found at: https://www.assurity.sg/ or such other successor site.

• A wholly-owned subsidiary of GovTech.
• We promote a learning culture and encourage you to grow and learn.
• Contract Staff enjoys the same benefits as Permanent Employees.