Cyber Security Consultant

Ensign is hiring !

Job Overview

Ensign InfoSecurity is the largest pure-play end-to-end cybersecurity service provider in Asia. Headquartered in Singapore, Ensign offers bespoke solutions and services to address their clients’ cybersecurity needs. Our core competencies are in the provision of cybersecurity advisory and assurance services, architecture design and systems integration services, and managed security services for advanced threat detection, threat hunting, and incident response.

The candidate will work under Ensign Advisory, we draw on our vast experience in cyber security and risk management and our insights into the tactics, techniques and procedures used by threat actors to help you anticipate threats, disrupt attacks and respond decisively. Ensign offers strategic advisory and consultancy services to enable our client’s organisation – from the leadership team to security operations – with a ‘shift left’ mentality to proactively combat emerging threats.

Duties And Responsibilities

• Conduct penetration testing of systems and applications to identify, document, and present technical vulnerabilities and issues.
• Participate and lead Red Team engagements to remotely infiltrate, escalate privileges, and achieve full control of target networks, demonstrating advanced offensive capabilities.
• Assist in developing customized remediation plans based on technical findings and client business constraints to strengthen cybersecurity defenses.
• Utilize automation tools and techniques to streamline and enhance penetration testing and red teaming processes for improved efficiency and accuracy.
• Collaborate with cross-functional teams to assess security controls, technologies, and processes, exposing vulnerabilities and recommending proactive measures.
• Research, develop, and ideally present new offensive cyber techniques and security control bypasses to the broader cybersecurity community.
• Stay abreast of emerging threats, industry trends, and best practices, integrating new knowledge into penetration testing methodologies and techniques.
• Collaborate with clients and stakeholders to provide expert guidance on cybersecurity strategies, risk mitigation, and incident response.
• Foster a culture of continuous learning and knowledge sharing within the team and across the organization.
• Support pre-sales processes and working with the Business Development team to win new deals.

Requirements

• Degree in information security, computer science or related field
• At least 4 years of information security exposure
• Good working knowledge of relevant standards, security frameworks and regulations (ISO27001, NIST, GDPR, CSL, MLPS, GL20, PDPO, PIPL)
• Excellent written and verbal communication skills
• Broad knowledge across multiple technical domains and willing to learn
• Confident and assured presentation skills – at ease with senior stakeholder engagement

Preferred Skills /Qualities

• At least two years of proven experience in conducting penetration testing / red team engagements in diverse environments.
• Strong proficiency in developing and executing remediation plans tailored to client business constraints and technical findings.
• Demonstrated ability to dive into new industries and technology stacks, adapting quickly to new challenges and environments.
• Familiarity with cyber security principles (e.g. networking, web development, vulnerability classes) and industry best practices (e.g. OWASP Top 10, MITRE ATT&CK Framework)
• Experienced in consulting, including internal and client facing experiences
• Ability to independently lead a project and communicate with clients
• Excellent communication and presentation skills, with the ability to convey technical concepts to both technical and non-technical stakeholders.
• Knowledge of GRC (Governance, Risk, and Compliance) processes is a plus, with an understanding of information security management systems and relevant standards and frameworks (e.g., ISO 27001, NIST CSF).