Job Description

Location:

Singapore

Employment Type:

Full-time

We are looking for a

Cybersecurity Consultant

who will execute and deliver cybersecurity assessments and adversarial simulation exercises. The consultant will work closely with project and technical teams to uncover vulnerabilities, assess risks, and help clients strengthen their cyber resilience.

Key Responsibilities

Conduct

Vulnerability Assessment and Penetration Testing (VAPT)

across

web, mobile, API, network, wireless, RF, and cloud environments

for both

government and private sector clients

. Perform

Source Code Review (SCR)

and

Software Composition Analysis (SCA)

to identify vulnerabilities in custom and open-source components. Execute

Host Configuration Reviews (HCR)

to ensure compliance with hardening baselines and industry best practices. Conduct

Adversarial Simulations

, including

Red Teaming

and

Purple Teaming

exercises, to evaluate detection, response, and defense capabilities. Assess and communicate risk using frameworks such as

CVSS 3.1 / 4.0

and

5x5 likelihood-impact risk matrices

. Prepare and deliver

professional, actionable reports

with clear technical findings and concise executive summaries. Support the

sales team

in technical meetings, scoping discussions, and client presentations.

Requirements

Minimum

1 to 3 years of hands-on experience

in cybersecurity consulting, penetration testing, or related offensive security operations.

Technical Qualifications

Practical experience in

penetration testing

,

red teaming

, or

offensive security operations

. Strong understanding of

network infrastructure, web services, mobile, source code, and cloud security vulnerabilities

and exploitation techniques.

Hands-on experience

with security tools such as

Burp Suite, Metasploit, Kali Linux, and Cobalt Strike

, with the ability to

script

when required.

Proficiency in security frameworks

such as

OWASP, MITRE ATT&CK, NIST, CIS Benchmarks, OSSTMM, PTES, and CREST

.

Proficiency in risk scoring and communication methodologies

, including

CVSS 3.1

,

CVSS 4.0

, and

5x5 risk matrix

.

Certifications

Minimally possess

CREST CRT

or

OSCP

, or be in the

near pipeline of obtaining them

.

Professional Skills

Strong analytical and problem-solving ability. Excellent written and verbal communication skills. Capable of preparing clear, structured, and professional client reports. Self-motivated, detail-oriented, and able to work independently or in a team.

Opportunities for Growth

Progress into senior or

lead consultant roles

, taking ownership of project delivery, mentorship of junior team members, leadership of complex client engagements, and managing client relationships.


Firmus provides consultants with opportunities to explore and develop cross-domain skills, including:

Governance, Risk, and Compliance (GRC)

assessments.

Operational Technology (OT) cybersecurity

engagements.

Blue Team functions

such as

Managed Detection and Response (MDR)

,

Incident Response

, and

Threat Hunting

.
We support continuous learning and professional development through training, certification sponsorships, and exposure to real-world, mission-critical cybersecurity projects.