Malayan Flour Mills Berhad

VAPT Senior Executive

Malayan Flour Mills Berhad  •  Malaysia (Onsite)  •  14 days ago

Job Description

If you are looking to excel and make a difference, take a closer look at us…

The Senior Executive, VAPT delivers hands-on offensive security testing. You will identify and validate weaknesses across the bank’s digital landscape by executing penetration tests, vulnerability scans and red-teaming exercises against critical infrastructure and financial apps.

In this technical role, you manage the end-to-end testing lifecycle from scoping to final reporting. You will translate complex vulnerabilities into actionable risk insights while ensuring compliance with BNM RMiT. You act as a technical gatekeeper for new products, cloud migrations and third-party integrations before they enter production.

You will partner with Security, App and Business teams to track remediation and ensure gaps are closed precisely. By integrating testing into CI/CD pipelines, you will drive a Shift Left culture to secure the bank’s reputation and market standing.

Responsibilities:

Operational (50%)

  • Vulnerability & Testing Management: Participate in end-to-end scanning and penetration testing (web, mobile, network) across the Group, prioritizing high-risk findings for remediation.
  • Operational Execution: Deliver security testing and special projects as assigned by team lead.
  • Audit & Regulatory Support: Prepare technical documentation and evidence for queries from auditors and BNM regarding security findings.
  • Risk Identification: Proactively identify and report critical security gaps that remain unaddressed by current controls.
  • Remediation Validation: Monitor and validate security gap closures to ensure compliance with Group SLAs and regulatory mandates.
  • Continuous Improvement: Suggest enhancements for security controls and software processes based on vulnerability trends.
  • Standard Maintenance: Assist in drafting and updating group-wide security procedures and ethical hacking standards.
  • Executive Reporting: Work with team lead to compile and present risk-based findings and remediation progress to senior management and IT Security Committees.
  • Vendor Oversight: Work with team lead to manage third-party security providers for mandatory assessments (Annual Pentests, PCI ASV) and oversee software licensing budgets.
  • Incident Support: Conduct impact assessments on system changes and provide offensive expertise during incident investigations to identify entry points.
  • Workflow Automation: Develop automated VAPT scripts and tools to improve testing efficiency.
  • Tooling Optimization: Work with team lead to deploy and tune Group VAPT tools (DAST, SAST, IAST) and automate attack surface management.

Technical (50%)

  • Technical Advisory: Provide hands-on VAPT technical assistance and troubleshooting for business units and branches.
  • Assurance: Conduct quality reviews on all internal/vendor VAPT reports to ensure technical depth and actionable remediation.
  • Attack Surface Design: Identify security blind spots in complex architectures and translate them into robust Group-wide testing scenarios.
  • Mitigation Analysis: Work with team lead to explain complex exploit chains to application owners and provide permanent mitigation strategies to prevent external breaches.
  • Emerging Threat Research: Evaluate new exploitation techniques (e.g., AI-driven attacks) and recommend defensive shifts to maintain Group resilience.
  • Security Validation: Collaborate with architects and software developers to execute security-by-design testing for regional products, ensuring alignment with established VAPT playbooks and standards.
  • Stakeholder & Team Collaboration: Work closely with Cyber Defense and App Security teams to align daily testing activities with the broader Group Technology strategy.
  • Risk Remediation Tracking: Conduct technical risk assessments of discovered flaws and track the remediation lifecycle across regional platforms to ensure gaps are closed.

Skills & Experience We Are Looking For:

  • Bachelor’s Degree in Cybersecurity, Computer Science, Information Technology, or a related field.
  • Must possess at least one of the following: OSCP, CISA, GPEN, or equivalent industry-recognized security certification for hacking and/or VAPT.
  • 3 to 5 years of experience in Vulnerability Management or Penetration Testing.
  • Expertise in BNM RMiT (Risk Management in Technology) and PCI-DSS 4.0 standards.
  • Must have a strong understanding of industry-standard penetration testing methodologies, including OSSTMM, OWASP, PTES and others.
  • Hands-on experience managing VA tools such as Tenable, Rapid7 InsightVM, Qualys and others.
  • Experience managing vulnerability lifecycles within enterprise ticketing platforms such as ServiceNow.
  • Expertise in cloud security (AWS, Azure, GCP) and on-prem security controls.

Special Skills

  • Experienced in manual exploitation techniques for web applications, including deep-dive testing for complex business logic flaws, API security, and session management vulnerabilities.
  • Experienced in manual security assessments for Mobile Applications (iOS/Android), focusing on binary analysis and secure data storage.
  • Experience in overseeing Red Team or adversarial simulation exercises to validate the effectiveness of the bank’s security controls.
  • Ability to communicate complex security concepts to non-technical stakeholders.
  • Collaboration with cross-functional teams.
  • Manage working relationships with key technology suppliers.

For more job opportunities, please go to HLB Careers: https://hlb.wd3.myworkdayjobs.com/HLBCareers/

We appreciate your application and will be in touch with shortlisted candidates regarding next steps.

About Hong Leong Bank

We are a leading financial institution in Malaysia backed by a century of entrepreneurial heritage. Providing comprehensive financial services guided by a Digital-at-the-Core ethos has earned us industry recognition and accolades for our innovative approach in making banking simpler and more effortless for our customers. Our digital and physical offerings span across a vast nationwide network in Malaysia, strengthened with an expanding regional presence in Singapore, Hong Kong, Vietnam, Cambodia, and China.

We seek to strike a balance between diversity, inclusion and merit to achieve our mission of infusing diversity in thinking and skillsets into our organisation. Candidates are assessed based on merit and potential, in line with our mission to attract and recruit the best talent available. Expanding on our “Digital at the Core” ethos, we are progressively digitising the employee journey and experience to provide a strong foundation for our people to drive life-long learning, achieve their career aspirations and grow talent from within our organisation.

Realise your full potential at Hong Leong Bank by applying now.


About Malayan Flour Mills Berhad

Established in 1961, Malayan Flour Mills Berhad (MFM) is the pioneer in the flour milling industry in Malaysia. MFM has grown to become the leading flour miller in Malaysia with regional presence in Vietnam and Indonesia. Over the years, we have expanded into poultry integration, aquaculture, and raw material trading. In FY21, the group revenue was RM2.43 billion.

MFM is one of the major poultry integrators in poultry feeds, breeding, farming with a state-of-the-art processing facility across the poultry value chain. Designed to meet the domestic and international markets, the advanced facility will process up to 300,000 birds per day.

With our asset of 3,000 people, we have transformed and grown in Malaysia and regionally. Synergising with our workforce, we embrace Artificial Intelligence, Big Data, Internet of Things (IoT) in our day-to-day business. Through our partnership with Tyson Food, Inc. and Toyota Tsusho Group, we aspire to be a leading global halal food enterprise while achieving sustainable development goals.

Building the workforce of the future…Today. We invite you to be part of our team!

Visit https://www.mfm.com.my/careers/ or apply via the Jobs tab in LinkedIn.

Industry: Food & Beverage
Company Size: 201-500 employees
Headquarters: Kuala Lumpur, MY
Year Founded: 1961
Website: com.my