
S-RM · Kuala Lumpur
Senior Offensive Security Consultant Offensive Security consultants run the delivery of our offensive security services. They help to interpret client challeng...
Senior Offensive Security Consultant
Offensive Security consultants run the delivery of our offensive security services. They help to interpret client challenges,
innovate solutions, and deliver findings.
As an OS consultant, you will work across the full spectrum of our pentesting services, whether point in time or continuous, as
well as participate in larger engagements such as red teams. You will help our clients to build cyber resilience, enhance their
understanding of the threat landscape and become better prepared to face dynamic and evolving security risks.
As a senior consultant, you will be responsible for supporting commercial efforts, as well as line management and maintenance of
standards, tools and knowledge. We are looking for someone with a strong business acumen and technical background who can help us
shape, sell and deliver impactful resilience workstreams to our clients. The commercial and leadership aspect of this role will
take approximately 40% of your time, the rest being focused on delivery.
Client Engagement and Account Management
pricing
Offensive Security
bespoke)
bespoke)
tooling
Mentoring and technical leadership
forensics) and support with offensive security skills where required
Requirements
We are looking for an individual who has 8 or more years’ experience in pentesting and offensive security consulting across
comms.
All candidates must have permission to work in Malaysia by the start of their employment.
We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, this
We nurture a culture of equality, diversity and inclusion and we are dedicated to developing a workforce that displays a variety
of talents, experiences and perspectives.
To apply for this role, please submit a PDF version of your cover letter and CV to: Job Application for Senior Offensive Security
Consultant at S-RM
PROSEC Wir bei ProSec wissen genau, was wir für #CyberSecurity erreichen wollen und was wir dafür tun müssen. Unsere Vision ist es, IT-Security viral gehen zu lassen, um Menschen und Werte nachhaltig vor Cyber-Bedrohungen zu schützen. Hierfür etablieren wir neue Standards im Penetration Testing, im IT-Security-Consulting sowie in der Ausbildung und Förderung von Nachwuchstalenten in diesen Fachbereichen. Wir bieten den Besten unserer Branche ein berufliches Zuhause, das von echtem Zusammenhalt und Rückhalt geprägt ist. Unsere Expertise und Leidenschaft teilen wir mit einer aktiven Community, um den digitalen Raum für uns alle dauerhaft sicher zu gestalten. DEINE ROLLE Als Senior Consultant bist du das technische Rückgrat und der planerische Kopf unserer Teams. Du arbeitest eng mit dem Manager zusammen, gestaltest Roadmaps, planst Sprints mit Kunden und führst komplexe Themen fachlich an. Gleichzeitig bist du Sparringspartner für unsere Professionals – und ein Ruhepol für Kunden, wenn es technisch und organisatorisch anspruchsvoll wird. * Planung, Strukturierung und Steuerung der Kundenroadmaps * Enge Zusammenarbeit mit dem Manager bei Sprint Planning & Priorisierung * Fachliche Führung der Professionals innerhalb des Teams * Technische Tiefe bei der Bearbeitung komplexer Security-Themen * Weiterentwicklung von Vorgehensweisen, Standards & Methoden * Bei größeren Projekten: strategische Beratung und technische Leitung * Direkter Kundenkontakt – klar, verbindlich, lösungsorientiert WAS WIR NICHT SUCHEN * Problemfokussierer – Wir wollen Menschen, die Lösungen bauen, nicht Probleme sammeln * Eitelkeits-Pentester – Tiefe statt Ego * Techniker ohne Drive – Wir brauchen Menschen, die Verantwortung wirklich wollen * Auftragserfüller – Wir erwarten Mitdenken, nicht Dienst nach Vorschrift WAS UNS WICHTIG IST * Tiefe technische Kompetenz * Klarheit in der Kundenführung * Verantwortung übernehmen, nicht wegdelegieren * Coaching-Mindset: Du entwickelst Professionals weiter, ohne sie kleinzuhalten * Strategisches Denken – in Projekten, Roadmaps, Kundenbeziehungen WAS DU MITBRINGST * Mehrjährige Erfahrung als Pentester oder Security Consultant * Idealerweise Erfahrung in der Steuerung von Projekten * OSCP, Offensive Security Background oder vergleichbare tiefe technische Skills * Fähigkeit, sowohl Teams als auch Kunden fachlich zu führen * Lust auf den nächsten Schritt Richtung Führung und Teamverantwortung WAS DU ERWARTEN KANNST * Ein Team, das auf Exzellenz setzt – nicht auf Masse * Kunden, die wirklich besser werden wollen * Tiefe technische Themen UND strategische Arbeit * Klare Entwicklungsmöglichkeit: Senior → Manager * Echtes Mentoring, echte Verantwortung, echte Wirkung Bock auf die nächste Stufe – technisch UND menschlich? Dann lass uns reden.
ABOUT US: SRLabs is home to knowledge leaders securing critical infrastructures in finance, energy, and telecommunications. We focus on hands-on hacking resilience – not compliance –, which we shape by combining our hacking research with impactful consulting work for innovation leaders that have a natural thrive for cutting-edge technologies. We come from diverse backgrounds from all over the world, and that's just the way we like it. From coding, reverse engineering, penetration testing, exploit scripting, process design, research and consulting skills, our mix of colleagues possesses a vast set of qualifications, that equips us to influence design decisions of large-scale organisations. YOUR RESPONSIBILITIES Job brief: In this role, you lead a team of security consultants delivering consulting and assessment services such as offensive assessments, resilience improvements, or AI security engagements for some of the world's most complex organisations. You are equally comfortable in front of a client board and in the weeds of a red team debrief. Your responsibilities: * Lead and oversee security engagements including red teaming, TIBER/DORA resilience assessments, penetration testing, and AI-focused security reviews and others * Act as the primary point of contact for senior client stakeholders – translating technical findings into business risk and actionable recommendations * Manage project delivery across scope, timeline, quality, and team utilisation * Mentor and develop junior and mid-level consultants, providing hands-on guidance on complex engagements * Drive business development by contributing to proposals, scoping, and client relationships * Shape our AI security offering – including LLM red teaming, model security assessments, and AI risk frameworks * Contribute to research and thought leadership that keeps SRLabs at the cutting edge WHAT DO YOU BRING? * Proven hands-on background in security with the credibility to lead technical teams * Experience leading or managing security consulting engagements, including client-facing delivery at senior levels * Solid understanding of enterprise and resilience frameworks * Familiarity with AI/ML security concepts * Ability to communicate complex security issues clearly to both technical and non-technical audiences * Strong communication skills in English and German is nice to have * Experience writing proposals, scoping engagements, and managing expectations WHAT AWAITS YOU WITH US? * A senior role with real influence over how we build and grow our offensive security practice * Diverse team of motivated security experts from many countries and backgrounds * Opportunity to shape cutting-edge AI security work before it becomes mainstream * Annual company retreat – a week of working holiday packed with fun, team building, and knowledge sharing * Professional development: conference speaking, research publication, and training budget * Competitive salary and flexible home office * 30 days vacation period * A wide range of benefits (discounts on Urban sports gym and Public transport ticket) APPLY NOW We are looking forward to getting to know you! SRLabs is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for our team.
ABOUT US: SRLabs is home to knowledge leaders securing critical infrastructures in finance, energy, and telecommunications. We focus on hands-on hacking resilience – not compliance –, which we shape by combining our hacking research with impactful consulting work for innovation leaders that have a natural thrive for cutting-edge technologies. What makes us unique? We come from diverse backgrounds from all over the world, and that's just the way we like it. From coding, reverse engineering, penetration testing, exploit scripting, process design, research and consulting skills, our mix of colleagues possesses a vast set of qualifications, that equips us to influence design decisions of large-scale organisations. YOUR RESPONSIBILITIES Job brief: As a Red teamer at SRLabs, you work in a small and specialised team simulating infiltrations of corporate environments with high levels of protection for our clients. From obtaining initial access via external vulnerabilities or phishing, over lateral movement and to a domain takeover, you take part in the full chain of emulating adversarial cyber attacks. To remain undetected and complete your mission, you are able to avoid noise and bypass detection solutions and other protection measures. You analyze protection and monitoring gaps for their technical and operational root causes, and provide actionable steps for closing these gaps, bearing in mind the customer specific constraints our clients are facing. Your strategic advice supports the management in defining the security roadmap and employing security budget most effectively. Your Responsibilities: * Participate in red team engagements at SRLabs' clients * Perform external penetration testing and run phishing campaigns * Bypass protection measures and move undetected inside corporate networks * Develop tools, scripts and exploits for red team engagements * Create presentations to communicate risk and provide strategic advice on process optimizations * Support the client in addressing findings, in both, written and verbal communication * Develop methodologies to extrapolate from Red Team insights to generic security assurance checks * (Optional) Lead red team exercises and take responsibility for what comes with it (scoping, task management, escalations, ...) WHAT DO YOU BRING? What do you bring: * Strong foundational knowledge of information technology, including (Operating systems, Networking and Web technologies) * Hands-on experience in offensive security and red teaming * Solid experience with Active Directory and Entra ID security * Experience in client-facing roles or security consulting, including (presenting technical findings to diverse audience and provide strategic advice to clients) * Infrastructure and web penetration testing * Proficiency in programming languages such as: * Python, C/C++, Go, Java * Excellent communication skills in English (written and verbal) Nice to have Relevant expertise from areas like * Malware delivery and development * Incident response * Vulnerability research and exploit development * Reconnaissance, OSINT and social engineering * Operational security and bypassing of security measures (AV/EDR, endpoint and infrastructure hardening, SIEM generated alerts, Honeypots, ...) * Detection engineering and SOC operation * Experience in management consulting and communication WHAT AWAITS YOU WITH US? What awaits you with us: * Diverse team of highly motivated and competent security experts * Culture of constant learning and improvement * Flexible home office. * You can work from anywhere in Germany * Yearly company retreat * Urban Sports Club membership * Deutschlandticket (public transportation) * 30 days paid vacation APPLY NOW We are looking forward to receiving your application.