Senior Penetration Tester

At Aspire, we’re more than just a FinTech company—we’re the leading all-in-one financial operating system built to empower the world’s innovators and entrepreneurs. We are on a mission to reinvent business finance, empowering startups and businesses to realise their full potential.

Founded in 2018, Aspire has raised over USD 300M+ across equity and debt from world-class investors. In 2023, we successfully closed an oversubscribed USD 100 million Series C equity round led by Sequoia Capital and Lightspeed Ventures with participation of Tencent, Paypal Ventures, LGT Capital Partners, Picus Capital and MassMutual Ventures. To power our solutions, we have partnered with some of the best companies in the world such as Visa and Wise and empowered more than 50,000 businesses using our suite of products.

Aspire has consistently been recognized for excellence, earning Best Employer and Startup of the Year by the Asia FinTech Awards in 2022 and 2023, ranked as LinkedIn’s Top Startup in Singapore, and listed on CB Insights’ Top 100 Global Fintech in 2023 and 2024.

You will be amazed by the energy and experience of our team! Aspire serves as an environment for you to innovate and drive change with our team of ex-entrepreneurs, ex-founders, and high-achievers with international and diverse backgrounds.

Are you a top talent who is passionate about entrepreneurship? Join our rapidly growing team to make an impact in the fintech space! 

About the team:

At Aspire, we recognize that data and infrastructure security are paramount to our customers' success and trust. Our Security Team is at the forefront of protecting and securing our systems, ensuring compliance with industry best practices, and continuously learning and evolving to stay ahead of emerging threats. Our emphasis extends to data privacy, seamlessly integrating it into our security initiatives. 

About the role:

• Lead application and infrastructure security assessments, code reviews, and penetration tests to identify and mitigate security issues.
• Drive the implementation of penetration testing as part of the Secure SDLC.
• Work collaboratively with engineering teams to identify security gaps, propose fixes, and guide their resolution.
• Lead the creation and implementation of a scalable threat modeling process, integrating it into the product lifecycle.
• Evaluate and implement new security tools and technologies to enhance application security processes.
• Build strong relationships with product and engineering teams to advocate for secure coding practices and vulnerability remediation.
• Conduct penetration tests on cloud-based applications, infrastructure, and services (AWS, Azure, GCP) to identify security gaps.

Minimum qualifications:

• Degree in Computer Science or other Technical discipline
• 7+ years in penetration testing and offensive security practices.
• Excellent verbal and written communication skills, with the ability to clearly articulate vulnerabilities and advocate for their remediation in high-pressure environments.
• Solid understanding of the Software Development Life Cycle (SDLC) and embedding security early in development.
• Proven experience leading and integrating threat modeling into the SDLC.
• Hands-on experience in source code reviews and threat modeling.
• Strong understanding of common attack vectors, network protocols, and web application security principles.
• Strong knowledge of cloud security frameworks and standards such as AWS Well-Architected Framework, MITRE ATT&CK Cloud Matrix, CSA Cloud Controls Matrix (CCM) and CIS Benchmarks.
• Perform security testing on cloud-native services like AWS Lambda, API Gateway, Kubernetes (EKS/GKE/AKS), and containerized workloads.

Preferred qualifications:

• Proficiency with penetration testing tools and frameworks (e.g., Burp Suite, SQLMap).
• Hands-on expertise in bug bounties and Capture The Flag (CTF) competitions.
• Relevant certifications, such as OSCP, OSCE, OSWE, or AWS Certified Security, are highly preferred.
• Experience with mobile application security testing using tools like Drozer, MobSF, Frida, apktool, dex2jar, and jadx.
• A self-driven mindset with the ability to take initiative and effectively communicate with diverse internal teams.

What we offer

• Uncapped flexible annual leave.
• Hybrid work arrangement. 
• Training subsidy for your professional growth.
• Wellness benefit.
• Team bonding budget to foster collaboration and sense of belonging.
• Flexibility to work from anywhere (for up to 90 days per annum).
• Culture is Key: We always strive to cultivate a special culture that brings special talents together - You can learn more about our culture on our careers site and LinkedIn Life page.
  

Equal Opportunity Statement 

Aspire is an equal opportunity employer and is committed to providing equal employment opportunities to all qualified individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or any other protected characteristic as outlined by applicable laws. 

Please note: by submitting your application, you acknowledge that you have read and understood Aspire’s Data Protection Policy for Employees, Freelancers, Contractors and Job Applicants (the “Policy”), and consent to the collection, use and disclosure of your personal data by Aspire for the purposes set out in the Policy. You may withdraw consent for such collection, use and disclosure, and make an access or correction request in respect of your personal data, in accordance with the Policy by emailing people@aspireapp.com.