Penetration Tester

**About Sygnum**

Sygnum is a global digital asset banking group, founded on Swiss and Singapore heritage. We empower professional and institutional investors, banks, corporates and DLT foundations to invest in digital assets with complete trust. Our team enables this through our institutional-grade security, expert personal service and portfolio of regulated digital asset banking, asset management, tokenization and B2B services. In Switzerland, Sygnum holds a banking and securities dealer license, and in Singapore we operate under Capital Markets Services and Major Payment Institution Licenses. The group is also regulated in the established global financial hubs of Abu Dhabi and Luxembourg.

**About the role**

Our CISO team’s mission is to be in the vanguard of digital banking security, fostering a safe and prosperous financial future for our stakeholders while setting pioneering new industry standards for security and trust in the digital age.
- Penetration Testing: Conduct internal penetration testing on company projects and assets. Create detailed reports about your findings with detailed remediations for affected teams. Retest previous findings to ensure correct remediation has been put in place.
- Expert Advisory: Research, evaluate, document, and discuss findings both with IT teams and management. Be involved in designing fixes and improving security protocols. Help translate technical risks into non-technical, business-focused language.
- Secure Development: Participate in secure software development lifecycle (SDLC) activities, conduct security code reviews, and collaborate with development teams to ensure secure coding practices
- Tools & Automation: develop expertise in existing penetration testing tools and the creation of new internal tools aimed at automating security testing.
- Continuous Learning: Stay updated with the latest security trends, vulnerabilities, and technology developments through continuous education and professional development.
- Incident Management: support response to security incidents as required.
- Leadership Development: Mentor junior members of the team.

**What we expect**
- Educational Background: A technical university degree or equivalent experience, along with recognized certifications (OSCP, GWAPT, CEH, GPEN, PenTest+, etc.).
- Professional Experience: 2-5 years of experience as Penetration Tester.
- Penetration Testing Expertise: (in order of priority):

- Web Application Penetration Testing.
- Infrastructure testing for cloud environments.
- Penetration testing on Active Directory environments.
- Source code security assessment (desirable).
- Security Frameworks and Standards: Familiarity with industry standards and frameworks such as OWASP, NIST, ISO 27001, etc.
- Communication Skills: proven English language communication skills able to write detailed reports about test findings and remediations for affected teams and able to verbally discuss those findings with IT teams and management.
- Cloud Security: experience of security solutions and information security in cloud environments.
- Emerging Technologies: Understanding of digital assets, web3, cloud computing and blockchain technologies.
- Analytical Skills: Strong analytical, problem-solving, and organizational skills with high adaptability in a fast-changing environment.

**What we offer**
- The chance to be part of a movement shaping the future of our world’s financial system
- An amazing, diverse, highly skilled, international and motivated team of professionals
- Experienced leadership teams who are masters of scale and facilitate smart growth
- Competitive salary packages and chances to leave individual footprints
- Language course and gym special conditions
- Regular team events and gatherings, including Christmas parties, Oktoberfest celebrations, and apero’s, creating plenty of opportunities for fun and laughter

If you’re passionate for technology and blockchain with a massive worldwide impact, then please send us your CV