Ensign is hiring !
Duties and Responsibilities
- Deliver Vulnerability Management as a Service (VMaaS) as a dedicated consultant: recurring scanning, finding validation, risk-based prioritisation, and remediation reporting to the client.
- Perform vulnerability assessments and penetration testing across a range of technologies including Network, Web, Mobile, Thick Client, and Cloud.
- Review and assure the quality of VAPT deliverables produced by the team before client release.
- Act as first responder for Incident Response engagements: triage, containment, forensic analysis, and threat hunting.
- Support presales activities, including client scoping discussions, technical solutioning, effort sizing, and proposal drafting.
- Mentor consultants on technical execution and on clear communication of vulnerabilities and remediation to clients.
Requirements
- Familiarity with cyber security principles (networking, web, mobile, vulnerability classes) and industry frameworks (OWASP Top 10, MITRE ATT&CK).
- Experienced in consulting, both internal and client facing.
- Ability to independently lead an engagement and communicate with clients.
- Familiar with scripting languages such as Python, Bash, and PowerShell.
- Hold relevant offensive and defensive cybersecurity certifications.
- Ability to travel overseas when required.
Preferred Qualifications / Skills
- At least 10 years of information security experience across offensive and defensive work.
- Offensive certifications: OSCP, OSCE, OSWP. Defensive and IR certifications: OSTH, OSIR, GCIH, GSEC.
- Proficient with security testing tools such as Nessus, Burp Suite, and Frida.
- Mobile application security testing for Android and iOS, delivered to OJK compliance standard.
- Incident handling, malware analysis, and threat hunting experience.
- Track record building and leading a Security Operations Centre (SOC).
- Proven trainer and mentor able to grow local team capability.