- Conduct internal and external penetration tests on systems, networks, applications, and mobile platforms;
- Identify and exploit vulnerabilities to evaluate the effectiveness of existing security controls;
- Document detailed findings from testing activities and provide actionable recommendations;
- Present test results to technical teams and management, translating technical risks into business impacts;
- Stay updated on new threats, vulnerabilities, and offensive security tactics;
- Research emerging attack vectors and develop countermeasure recommendations;
- Collaborate with IT, application development, and infrastructure teams to plan and execute security tests;
- Coordinate internal and external penetration testing engagements and track remediation progress;
- Assist in assessing the effectiveness of security controls for compliance with regulatory frameworks (e.g., National Bank of Cambodia Technology and Cyber Risk Management Guidelines, SWIFT CSP, PCI DSS);
- Contribute to ongoing risk assessments and audit support activities;
- Share knowledge with junior team members and contribute to developing internal testing methodologies and processes;
- Present the results of penetration testing to management;
- Provide training and guidance to junior team members on offensive security practice;
