Test Manager - Application Security & Penetration testing

Req ID: 351249 

NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now.

We are currently seeking a Test Manager - Application Security & Penetration testing to join our team in Kuala Lumpur, Wilayah Persekutuan Kuala Lumpur (MY-14), Malaysia (MY).

About the Job

The Manager, Application Security is responsible for strengthening our enterprise application security posture. This is a hands-on individual contributor role responsible for performing penetration testing, secure code review, software composition analysis, container image assurance, and vulnerability assessments, as well as managing findings and supporting compliance with financial industry regulations. The role requires strong technical expertise, practical testing skills, and familiarity with regulatory requirements such as MAS TRM Guidelines and BNM RMiT Policy Document.

Role & responsibilities:

• Conduct penetration testing for web, mobile, and API applications.
• Perform secure code reviews, software composition analysis, and container mage assurance to identify vulnerabilities early in the SDLC.
• Perform vulnerability assessments for applications, middleware, and supporting systems.
• Utilise industry-standard tools such as Burp Suite, OWASP ZAP, Fortify, Checkmarx, Black Duck, Nessus, Aqua and Qualys.
• Triage, validate, and prioritise security findings from security assessments.
• Work with development, DevOps, and infrastructure teams to ensure timely remediation.
• Track and report remediation progress, ensuring closure within timelines required by regulatory instruments and Technology Security Standards.
• Provide guidance to developers and project teams on secure coding practices.
• Embed application security controls and tools (SAST, DAST, SCA, IAST) into CI/CD pipelines.
• Maintain security documentation and provide evidence for audits and regulatory reviews.
• Ensure compliance with internal policies, regulatory obligations, and industry best practices.
• Support audits, risk assessments, and regulatory inspections involving application security.

Requirement:

• Bachelor’s degree in information security, Computer Science, or related field.
• Professional certifications such as CREST, OSCP+, OSEP, or GPEN.
• 7+ years of IT security experience, with at least 4 years of direct experience in project-based and annual penetration testing for web, mobile, and API applications.
• Experienced in secure code reviews, software composition analysis, container image assurance, and vulnerability assessments.
• Strong technical knowledge of web, mobile, and API security, including OWASP Top 10 and common attack vectors.
• Hands-on expertise with security testing tools mentioned above.
• Working knowledge of MAS TRM, MAS Cyber Hygiene, and BNM RMiT requirements

About NTT DATA

NTT DATA is a $30 billion business and technology services leader, serving 75% of the Fortune Global 100. We are committed to accelerating client success and positively impacting society through responsible innovation. We are one of the world's leading AI and digital infrastructure providers, with unmatched capabilities in enterprise-scale AI, cloud, security, connectivity, data centers and application services. our consulting and Industry solutions help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have experts in more than 50 countries. We also offer clients access to a robust ecosystem of innovation centers as well as established and start-up partners. NTT DATA is a part of NTT Group, which invests over $3 billion each year in R&D.

Whenever possible, we hire locally to NTT DATA offices or client sites. This ensures we can provide timely and effective support tailored to each client’s needs. While many positions offer remote or hybrid work options, these arrangements are subject to change based on client requirements. For employees near an NTT DATA office or client site, in-office attendance may be required for meetings or events, depending on business needs. At NTT DATA, we are committed to staying flexible and meeting the evolving needs of both our clients and employees. NTT DATA recruiters will never ask for payment or banking information and will only use @nttdata.com and @talent.nttdataservices.com email addresses. If you are requested to provide payment or disclose banking information, please submit a contact us form, https://us.nttdata.com/en/contact-us.

NTT DATA endeavors to make https://us.nttdata.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at https://us.nttdata.com/en/contact-us. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications. NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For our EEO Policy Statement, please click here. If you'd like more information on your EEO rights under the law, please click here. For Pay Transparency information, please click here.