We are seeking a hands-on Security Testing Team Leader to lead advanced VAPT and Red Team engagements under large-scale Singapore Government programs. This role combines deep technical execution with people leadership, delivery ownership, and quality assurance in high-assurance, regulated environments, with responsibility across application, infrastructure, and secure code assessments. The position requires strong offensive security expertise including manual testing, adversary simulation, and selective tooling or automation development, alongside proven capability to lead teams, manage complex government engagements, engage directly with stakeholders, and ensure high-quality, evidence-driven deliverables.
Role & Responsibilities
- VAPT & Red Team Leadership – Lead and execute advanced VAPT, Red Team, and Purple Team engagements across web applications, enterprise infrastructure, and complex government environments.
- Hands-On Security Testing – Perform white-box, black-box, and grey-box testing with strong emphasis on manual testing beyond automated scanning.
- Enterprise & Infrastructure Security – Conduct assessments across Active Directory, servers, middleware, networks, and host configuration review and hardening.
- Secure Code & Dependency Review – Perform automated and manual secure code review and code composition / dependency analysis, including OSS and supply chain risk assessment.
- Red & Purple Team Operations – Lead adversary simulation, post-exploitation analysis, and close collaboration with defensive teams.
- Tooling & Automation – Utilize industry-standard toolsets and develop automation, custom scripts, and exploit tooling to support engagements.
- Low-Level Research – Conduct low-level research, exploit development scripting, and binary reverse engineering where required.
- Delivery Ownership & QA – Own engagement scoping, task allocation, technical supervision, quality assurance of findings, report validation, and stakeholder briefings.
- Documentation & Evidence – Operate in regulated, high-assurance environments with strong documentation, reporting, and evidence discipline.
- People Leadership – Mentor, guide, and develop team members while ensuring technical excellence and delivery quality.
- Stakeholder Communication – Communicate clearly with technical teams, management, and government stakeholders.
Requirements
- 5+ years of hands-on experience in VAPT and security testing.
- Hands-on experience across web applications, enterprise infrastructure (AD, servers, middleware, networks), and host hardening assessments.
- Strong experience in manual security testing (white-box, black-box, grey-box) beyond automated scanning.
- Experience in Red Team and Purple Team engagements, including post-exploitation analysis.
- Proven vulnerability discovery track record.
- Strong scripting experience for automation and exploit development.
- Experience with source code review (manual secure code analysis) and dependency / supply chain risk analysis.
- Experience operating in regulated or high-assurance environments with strong documentation standards.
- Strong leadership, mentoring, and communication skills.
- Relevant certifications such as CREST or OSCP.
- Fluent English – written and verbal.
- Relocation – Singapore.
Nice to Have
- CREST-aligned delivery experience (processes, reporting, evidence handling, and quality controls).
- Experience in mobile security, cloud security (AWS / Azure / GCP), OT / ICS, or mainframe security environments.
- Threat hunting and malware analysis experience.
- Advanced offensive / red team certifications (e.g., OSEP, OSCE, CRTO).