Security Consultant

Security Consultant (Penetration Testing, Shift-based) 

About LRQA

At LRQA our focus has always been on excellence in cyber security. We have teams that offer world class services in red teaming, penetration testing, threat intelligence, research and development, detection and response, governance, risk, and compliance, and plenty more. Our business is global and so are our clients. We work closely with central banks, central and local government, critical national infrastructure, large retailers, and plenty more besides!

We’re an award-winning provider of cyber security services and we’re at a very exciting stage of development. We are looking for the right people to join us as we embrace the challenges thrown up by the advancements within the IT industry and within the threats faced. LRQA will be at the forefront of this arena and we want to seek the right people to join the team and make it happen.

You can find out more about us at https://www.lrqa.com/en-us/cyber-security-services/.

The Role

There is a new, exciting opportunity for a Security Consultant to join LRQA’s existing dynamic Global Penetration Testing Team.

Our security consultants are responsible for leading and delivering their own penetration testing security engagements with our clients. This includes the full lifecycle of an engagement from kick off call, testing, report creation, report delivery to debrief.

This role is a shift-based role where you will be working standard (five) weekdays aligned to either standard Malaysian or UK business hours, depending on team allocation. For shifts with non-standard working hours a generous additional shift allowance is available on top of the base salary. Depending on circumstances there may be the option to move between shifts, but it is not intended to be a regular occurrence.

Location

This role follows a hybrid working arrangement and will involve working on client sites and from the office from time to time. We support remote work across Malaysia; however, the office is in Kuala Lumpur. Applicants are required to be resident in Malaysia.

What You’ll Be Doing

You will:

• Deliver penetration testing against a wide variety of systems. This is the core of the role.
• Lead or support engagement lifecycle activities such as kick-off calls, wrap up calls, status updates and debrief sessions for each penetration test you deliver.
• Produce clear and thorough reports for each engagement that demonstrate technical depth, business impact and continuous improvement through quality assurance reviews.
• Support presales activities by scoping engagements, advising principal security concerns and testing methodology.
• Build strong client relationships and ensure LRQA always delivers professional consultative style engagements.
• Stay current with emerging threats and provide technical analysis of the current IT security related events where applicable.
• Be a continuous learner, keeping up to date on a wide variety of IT Security related skills and industry knowledge.
• Mentor less experienced security consultants where appropriate.

Key Skills & Certifications

There is no single “perfect” profile. However, strong candidate will demonstrate some or most of the following:

• Hands-on experience in penetration testing.
• Be confident in at least two domains: web application, mobile application or infrastructure testing.
• You love getting involved in deep technical challenges, while at the same time being able to clearly communicate risk to both technical and non-technical audiences.
• The ability to teach and mentor other members of the team is a distinct advantage; it’s part of what makes us LRQA!
• You code open-source tools, contribute to security blogs, or participate in CTFs.
• A passion for cyber, a thirst for knowledge and a constant desire to push yourself to the max.
• In depth knowledge and understanding of applications and networking.
• A background in Information Technology, development, networking, system administration is an advantage.
• A specialisation is a distinct advantage, such as cloud penetration testing skills, exploit development, reverse engineering etc.

We value capability over credentials. We’re not looking for badge collectors. That said, one or more of the following will serve as a distinct advantage.

• A BSc degree in relevant technical discipline (or equivalent experience).
• CREST Registered Tester (CRT) or CREST Certified Tester (CCT).
• Offensive Security certifications (e.g. OSCP).
• Cloud security certifications (e.g. AWS Security Specialty / Azure AZ-500).
• Broader security certifications (e.g. CISSP / CCSP / CSK).
• Any other relevant penetration testing or IT certification.

Why Join Us?

We’ve built a team that people tend to stay with – and that’s intentional. Our cyber unit includes the full spectrum of services from SOC analysis and Incident Response through Penetration Testing, Adversarial Simulation (Red Teaming) and Threat Intelligence. There are always people available to help you and always more to learn and we have excellent and varied career progression opportunities.

We push ourselves to be excellent, so if you enjoy solving complex technical challenges and working in an environment that supports continuous development, you’ll fit right in! Please do visit our website to understand more about how we develop our people, work on cutting edge engagement and offer multiple career progression paths.

What We Offer

We offer you an exciting working environment with intellectual challenges, high levels of responsibility and client exposure and a collaborative team with strong technical depth. An attractive package is available for the right candidates.

Apply?

Interested? Apply via the ‘apply’ button with your resume and cover letter.