FIRMUS
Cybersecurity Consultant
FIRMUS, Singapore, 19 hours ago
Full-time, Information Technology
Location: Singapore

Employment Type: Full-time

Job Description

We are looking for a Cybersecurity Consultant who will execute and deliver cybersecurity assessments and adversarial simulation exercises. The consultant will work closely with project and technical teams to uncover vulnerabilities, assess risks, and help clients strengthen their cyber resilience.

Key Responsibilities

  • Conduct Vulnerability Assessment and Penetration Testing (VAPT) across web, mobile, API, network, wireless, RF, and cloud environments for both government and private sector clients.
  • Perform Source Code Review (SCR) and Software Composition Analysis (SCA) to identify vulnerabilities in custom and open-source components.
  • Execute Host Configuration Reviews (HCR) to ensure compliance with hardening baselines and industry best practices.
  • Conduct Adversarial Simulations, including Red Teaming and Purple Teaming exercises, to evaluate detection, response, and defense capabilities.
  • Assess and communicate risk using frameworks such as CVSS 3.1 / 4.0 and 5×5 likelihood–impact risk matrices.
  • Prepare and deliver professional, actionable reports with clear technical findings and concise executive summaries.
  • Support the sales team in technical meetings, scoping discussions, and client presentations.

Requirements

Minimum 1 to 3 years of hands-on experience in cybersecurity consulting, penetration testing, or related offensive security operations.

Technical Qualifications

  • Practical experience in penetration testing, red teaming, or offensive security operations.
  • Strong understanding of network infrastructure, web services, mobile, source code, and cloud security vulnerabilities and exploitation techniques.
  • Hands-on experience with security tools such as Burp Suite, Metasploit, Kali Linux, and Cobalt Strike, with the ability to script when required.
  • Proficiency in security frameworks such as OWASP, MITRE ATT&CK, NIST, CIS Benchmarks, OSSTMM, PTES, and CREST.
  • Proficiency in risk scoring and communication methodologies, including CVSS 3.1, CVSS 4.0, and 5×5 risk matrix.

Certifications

  • At minimum, hold CREST CRT or OSCP, or be close to obtaining them.

Professional Skills

  • Strong analytical and problem-solving ability.
  • Excellent written and verbal communication skills.
  • Capable of preparing clear, structured, and professional client reports.
  • Self-motivated, detail-oriented, and able to work independently or in a team.

Opportunities for Growth

Progress into senior or lead consultant roles, taking ownership of project delivery, mentorship of junior team members, leadership of complex client engagements, and managing client relationships.

Firmus provides consultants with opportunities to explore and develop cross-domain skills, including:

  • Governance, Risk, and Compliance (GRC) assessments.
  • Operational Technology (OT) cybersecurity engagements.
  • Blue Team functions such as Managed Detection and Response (MDR), Incident Response, and Threat Hunting.

We support continuous learning and professional development through training, certification sponsorships, and exposure to real-world, mission-critical cybersecurity projects.
