Y-Axis Jobs Logo
Send us feedback
telephone  +91 7670 800 001
Log in Sign up Try Premium
Test Manager - Application Security & Penetration testing at NTT DATA
Kuala Lumpur, Kuala Lumpur, Malaysia -
Full Time

Start Date

Immediate

Expiry Date

16 Mar, 26

Salary

0.0

Posted On

16 Dec, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Penetration Testing, Secure Code Reviews, Software Composition Analysis, Container Image Assurance, Vulnerability Assessments, Burp Suite, OWASP ZAP, Fortify, Checkmarx, Black Duck, Nessus, Aqua, Qualys, Secure Coding Practices, CI/CD Pipelines, Regulatory Compliance, Risk Assessments

Industry

IT Services and IT Consulting

Description
Conduct penetration testing for web, mobile, and API applications. Perform secure code reviews, software composition analysis, and container mage assurance to identify vulnerabilities early in the SDLC. Perform vulnerability assessments for applications, middleware, and supporting systems. Utilise industry-standard tools such as Burp Suite, OWASP ZAP, Fortify, Checkmarx, Black Duck, Nessus, Aqua and Qualys. Triage, validate, and prioritise security findings from security assessments. Work with development, DevOps, and infrastructure teams to ensure timely remediation. Track and report remediation progress, ensuring closure within timelines required by regulatory instruments and Technology Security Standards. Provide guidance to developers and project teams on secure coding practices. Embed application security controls and tools (SAST, DAST, SCA, IAST) into CI/CD pipelines. Maintain security documentation and provide evidence for audits and regulatory reviews. Ensure compliance with internal policies, regulatory obligations, and industry best practices. Support audits, risk assessments, and regulatory inspections involving application security. Bachelor's degree in information security, Computer Science, or related field. Professional certifications such as CREST, OSCP+, OSEP, or GPEN. 7+ years of IT security experience, with at least 4 years of direct experience in project-based and annual penetration testing for web, mobile, and API applications. Experienced in secure code reviews, software composition analysis, container image assurance, and vulnerability assessments. Strong technical knowledge of web, mobile, and API security, including OWASP Top 10 and common attack vectors. Hands-on expertise with security testing tools mentioned above. Working knowledge of MAS TRM, MAS Cyber Hygiene, and BNM RMiT requirements
Responsibilities
Conduct penetration testing for various applications and perform secure code reviews to identify vulnerabilities. Collaborate with development and infrastructure teams to ensure timely remediation of security findings.