Application Penetration Tester, Offensive

Full Time Phnom Penh Posted 2 months ago



  • Work with relevant stakeholders to plan application testing and remediation.
  • Conduct periodic app/API scans to find vulnerabilities.
  • Conduct secure code scanning, dependency, class, or library scanning.
  • Conduct application penetration tests.
  • Analyze coding threats, evaluate encryption options, and audit permissions and access rights.
  • Develop, add, and test security features within applications to prevent security vulnerabilities against threats such as unauthorized access and modification.
  • Conduct threat modelling and maintain reports.
  • Review and provide input on application security architecture, features and design.
  • Participate in the software development process to ensure apps are developed in a secure manner.
  • Research, develop and recommend tools to assist in the secure development process.
  • Provide secure application training to the workforce on software/application security standards, threats, and secure coding.
  • Scan and exploit system weaknesses, flaws, design, and configuration settings.
  • Crack, decompile or reverse engineer applications to find weaknesses and provide solutions.
  • Conduct regular and careful security assessments on existing and new systems.
  • Create and maintain testing reports.
  • Manage and maintain application asset inventory.


  • Bachelor's degree in Information Technology, preferably in the field of Computer Science.
  • Completed or certified in a security course such as PenTest+, CEH.
  • Self-study of any security-related course or development of your own lab is an advantage.
  • An adversarial mindset, high ethical standards, curiosity, a problem-solving mentality, critical thinking, analytical skills and scepticism.
  • Knowledge of the MITRE ATT&CK framework
  • Knowledge of OWASP Top 10 CI/CD security risks.
  • Knowledge of Top 25 Most Dangerous Software Weaknesses
  • Knowledge of OWASP Top 10 web/API and cloud security risks.
  • Understanding of CVE, CWE, CAPEC, CVSS.
  • Knowledge or experience in programming languages such as PHP, Java, JavaScript, shell scripting, PowerShell, Python.
  • Knowledge or experience in secure development frameworks.
  • Knowledge or experience of mobile development such as Android and iOS.
  • Basic knowledge or experience in networking and understanding of OSI/TCP-IP model.
  • Basic knowledge of programming languages or scripting.
  • Basic knowledge or experience in penetration testing or vulnerability scanning.
  • Basic knowledge or experience of DevOps and DevSecOps is a plus.
  • Knowledge or experience in operating systems such as Windows, Linux.
  • Knowledge or experience in virtualization, containers.


Interested candidates are invited to send a cover letter and CV to jobs@wingbank.com.kh or click the button below to apply!