All Open Positions
Be part of something bigger – join the FIRMUS team and work with passionate individuals to create meaningful and lasting impacts. Discover our job openings below!
Senior Security Engineer (Vulnerability Management, Network)
ROLE DESCRIPTION:
- Primary technical project lead to implement security solutions to customers.
- Liaise with customer to implement technical solution aligning to customer’s requirement, project scope and timeline.
- Provide deployment, documentation, support of project-wide information security solution, practices and policies.
- Serve as first point of contact for security solutions’ technical support.
- Technical subject matter expert to perform technical issue troubleshooting, root-cause analysis, resolution and escalation.
- Contribute to building the organization security solutions technical knowledge and cybersecurity knowledge.
- Traveling to customer site for installation or trouble-shooting when required.
- Act as a subject matter expert to provide advisory relate to security solution such as security solution capabilities, solution architecture, implementation plan and etc.
QUALIFICATIONS:
- Bachelor’s degree or higher in IT, Information Security, or a related field.
- 2-5 years of experience in a System Integrator (SI), technology consulting organization, or end-user IT operations environment.
- Good understanding and working knowledge of cybersecurity frameworks or regulatory requirements such as NIST CSF, ISO27001, Mitre ATT&CK framework, etc.
- Good verbal and written communication skills in English and Bahasa Malaysia.
- Proven commitment to continuous learning in cybersecurity, with a focus on mastering new technologies and security solutions.
- Organized, self-motivated, adapt at time management, and capable of working with minimal supervision.
- Collaborative team player with a positive attitude.
- Hands-on technical proficiency with various network security products, including Firewalls, Advanced Persistent Threat (APT) solutions, Vulnerability Management tools, Mobile Device Management (MDM) platforms, and other relevant technologies.
- Possession of recognized technical certifications in network security is mandatory. Ability to implement detection strategies aligned with industry standards such as the Cyber Kill Chain and Mitre Attack framework.
Business Manager
Key Responsibilities:
- Collaboration and relationship building with relevant principals, suppliers and distributors.
- To strategize with principals on the right solution for customer requirements
- Collaboration with internal stakeholders (presales to post sales teams) to support its sales cycle and ensure the most effective solution to meet and exceed customer expectation.
- Responsible for attaining sales quota and direct activities of all sales and marketing support efforts.
- To develop new clienteles with new business opportunities
Qualification:
- Bachelor’s degree (or higher) in Computer Science, Information Technology or related fields.
- Minimum of 2 years working experience in IT Security Sales and Marketing
- Domain coverage across industries and green field opportunities
- CXO and Decision makers connects
- Have good product knowledge in IT Security solution such as McAfee, Tenable, F5, Palo Alto, etc.
- Excellent spoken and written English.
- Strong analytical and organisational skills, with a systematic approach to problems.
- Exceptional professional communication skills and positive working attitude.
Key Account Manager (Singapore)
Key Responsibilities:
Client Relationship Management:
- Serve as the main point of contact for assigned clients, fostering a positive and long-lasting relationship.
- Ensure that clients are satisfied with the products and services provided by the company.
- Develop a deep understanding of client needs and ensure timely resolution of issues.
Sales & Revenue Growth:
- Identify new opportunities within existing accounts for upselling and cross-selling products or services.
- Proactively manage client renewals and work to achieve set sales targets.
- Prepare and present proposals, contracts, and quotes for client review.
Reporting & Analysis:
- Regularly monitor and report on the status of client accounts, including any potential risks or opportunities.
- Provide feedback to internal teams to help improve service delivery and client satisfaction.
Strategic Planning:
- Help develop account plans that detail how the company will meet client goals and objectives.
- Contribute to business strategy development based on market and client insights.
Project Coordination:
- Work closely with internal teams, including project managers, marketing, and technical support, to ensure projects are delivered on time and within budget.
- Manage expectations of clients and internal stakeholders regarding project timelines and deliverables.
Qualifications & Skills:
Education: Bachelor’s degree in Cybersecurity/Business & Marketing, or a related field.
Experience: Minimum of 2 years of experience in account management, sales, or client-facing roles.
Skills:
- Strong interpersonal and communication skills.
- Excellent negotiation and problem-solving abilities.
- Ability to manage multiple accounts/projects simultaneously.
- Proficiency in CRM software and Microsoft Office Suite.
- Analytical mindset with attention to detail.
Competencies:
- Client-focused with a passion for delivering value.
- Results-driven with a proven track record of achieving targets.
- Collaborative and able to work well with cross-functional teams.
Assistant Manager
Role Overview
The Assistant Manager, Marketing will play a key role in executing Firmus’s marketing strategy, managing multi-channel campaigns, and supporting brand-building initiatives to strengthen our position as a leading regional cybersecurity provider. This role will also involve public relations, stakeholder engagement, and event coordination to drive awareness, thought leadership, and business growth.
Key Responsibilities:
1. Marketing
- Coordinate and drive the company’s marketing strategy and tactical campaigns.
- Support relevant stakeholders in managing and maintaining all digital channels, including the company website and social media platforms.
- Support sales enablement efforts through the creation of communications and marketing collateral.
- Assist in managing the marketing budget and work with vendors to secure the best value deals.
- Monitor, track, and report on campaign results and effectiveness.
2. Public Relations & Editorial Support
- Monitor industry news (local and global), including competitor marketing and PR activities.
- Provide editorial support for external-facing marketing communications materials, including copywriting and copyediting.
- Research and recommend relevant publications and speaking platforms to advance the company’s industry presence and thought leadership.
- Support the execution of public relations efforts, including press releases, feature articles, and success stories.
- Maintain healthy relationships with media practitioners, keeping abreast of PR and marketing best practices for adoption.
3. Stakeholder Engagement & Event Management
- Coordinate and establish partnerships with key stakeholders, collaborating with internal teams to achieve business and public affairs objectives.
- Maintain a comprehensive record of the company’s priority stakeholders and recommend engagement initiatives.
- Coordinate and support the production and preparation for stakeholder and industry events (virtual, physical, and hybrid).
Requirements
- A degree in Business, Marketing, Public Relations, or related fields is preferred.
- 2-3 years relevant experience in IT industry is a must
- Excellent command of English; proficiency in Bahasa Malaysia or Mandarin is an advantage.
- Knowledge of website and social media analytics and reporting tools is desirable.
- Exposure to SEO, SEM, social media management, EDM campaigns, and content writing.
The Ideal Candidate
- Keen to learn and driven to succeed.
- Strong written and verbal communication skills.
- Creative in devising digital campaigns across web, email, and social media.
- Possesses strong research and analytical skills.
- Skilled in time and project management.
- A team player who is resourceful, independent, and possesses strong interpersonal skills.
Cybersecurity Consultant
Role Overview
We are looking for a Cybersecurity Consultant who will execute and deliver cybersecurity assessments and adversarial simulation exercises. The consultant will work closely with project and technical teams to uncover vulnerabilities, assess risks, and help clients strengthen their cyber resilience.
Key Responsibilities:
- Conduct Vulnerability Assessment and Penetration Testing (VAPT) across web, mobile, API, network, wireless, RF, and cloud environments for both government and private sector clients.
- Perform Source Code Review (SCR) and Software Composition Analysis (SCA) to identify vulnerabilities in custom and open-source components.
- Execute Host Configuration Reviews (HCR) to ensure compliance with hardening baselines and industry best practices.
- Conduct Adversarial Simulations, including Red Teaming and Purple Teaming exercises, to evaluate detection, response, and defense capabilities.
- Assess and communicate risk using frameworks such as CVSS 3.1 / 4.0 and 5×5 likelihood–impact risk matrices.
- Prepare and deliver professional, actionable reports with clear technical findings and concise executive summaries.
- Support the sales team in technical meetings, scoping discussions, and client presentations.
Technical Qualifications
- Practical experience in penetration testing, red teaming, or offensive security operations.
- Strong understanding of network infrastructure, web services, mobile, source code, and cloud security vulnerabilities and exploitation techniques.
- Hands-on experience with security tools such as Burp Suite, Metasploit, Kali Linux, and Cobalt Strike, with the ability to script when required.
- Proficiency in security frameworks such as OWASP, MITRE ATT&CK, NIST, CIS Benchmarks, OSSTMM, PTES, and CREST.
- Proficiency in risk scoring and communication methodologies, including CVSS 3.1, CVSS 4.0, and 5×5 risk matrix.
Qualifications
- Minimum 1 to 3 years of hands-on experience in cybersecurity consulting, penetration testing, or related offensive security operations.
Certifications
- Minimally possess CREST CRT or OSCP or be in the near pipeline of obtaining them.
Professional Skills
- Strong analytical and problem-solving ability.
- Excellent written and verbal communication skills.
- Capable of preparing clear, structured, and professional client reports.
- Self-motivated, detail-oriented, and able to work independently or in a team.
Cybersecurity Reporting Specialist
Job Overview: We are seeking a highly skilled and motivated individual to join our Team. The candidate will be responsible for managing and maintaining the tools such as Dradis Framework, collaborating with consultants to compile findings, and ensuring the delivery of high-quality penetration testing reports.
Responsibilities
- Manage and maintain the Dradis Framework, ensuring its optimal performance and security.
- Collaborate with consultants to import, organize, and review findings from various security tools.
- Assist consultants in customizing report templates to meet client requirements.
- Generate comprehensive and professional penetration testing reports based on consultant input.
- Perform quality assurance and quality control (QA/QC) on reports to ensure accuracy, completeness, and adherence to company standards.
- Work closely with the Senior Consultants to address feedback and implement improvements.
- Stay updated on industry best practices and emerging trends in penetration testing reporting.
Qualifications
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- Strong understanding of cybersecurity concepts, tools, and methodologies.
- Excellent communication and collaboration skills to work effectively with consultants and team members.
- Attention to detail and the ability to perform thorough QA/QC on reports.
- Familiarity with other security tools and technologies is a plus.
- Fresh graduates are encouraged to apply
MDR Consultant
Job Overview:
Firmus Centurion’s MDR Tier 3 Analyst is the technical lead inside our Managed Detection & Response service. In this role, you will lead intricate investigations, working directly with customers to assist them in investigating and responding to security incidents.
As a senior team member, you will mentor less experienced analysts and drive continuous improvement in our detection and response capabilities.
This position requires a strong foundation in cybersecurity operations, a deep understanding of various security solutions commonly deployed in enterprise environments (such as SIEM and XDR), and the ability to train others and develop complex processes and procedures to increase service efficiency.
Key Responsibilities:
- Lead triage and full lifecycle investigation of high-severity security incidents (endpoint, network, cloud).
- Coordinate responders, perform containment/remediation decisions, drive post-incident RCA and lessons learned.
- Design, implement, test and tune detections across EDR, NDR, SIEM, and cloud logs; map detections to MITRE ATT&CK.
- Create and maintain playbooks / runbooks and SOAR automations to reduce MTTR and analyst load.
- Develop and maintain detection coverage metrics and SLAs; own escalations and communication with customers for incidents.
- Mentor and train Tier 1/2 analysts; conduct quality reviews of investigations and escalate when appropriate.
- Contribute to the development, documentation, analysis, testing, and modification of threat detection systems and playbooks.
- Provide feedback on gaps or improvements needed in processes, documentation, or technology.
- Maintain an up-to-date knowledge of threat actor techniques and tools and share insights and best practices with the broader team, championing a culture of continuous learning.
Requirements:
- 5+ years of experience in cybersecurity operations (monitoring, detection, investigation, and incident response).
- Strong endpoint, OS (Windows, Linux, macOS), and networking knowledge including ability to read logs, parse artifacts, and interpret network flows.
- Scripting, and automation such as Python, PowerShell, Bash, and ability to author detection queries and automate tasks.
- Familiarity with malware analysis concepts (static/dynamic), YARA, and reverse-engineering basics.
- Understanding of identity & access compromise, lateral movement, persistence mechanisms, and enterprise attack surfaces.
- Expertise with various log sources, such as Office365, Azure, Entra, SharePoint, OneDrive, Exchange Online, Windows Active Directory, Windows Event Logs, Syslog, DNS, VPN, and the ability to interpret and analyze these logs for anomalies and security incidents.
- Expertise with various log sources, such as Office365, Azure, Entra, SharePoint, OneDrive, Exchange Online, Windows Active Directory, Windows Event Logs, Syslog, DNS, VPN, and the ability to interpret and analyze these logs for anomalies and security incidents.
- Excellent written and verbal communication; experience producing incident reports and presenting to technical and executive stakeholders.
Senior Security Consultant
Role and Responsibilities
- To support all Pre & Post Sales activities for security consulting projects such as; Penetration Testing, Host Assessments, Web Application Security, Wireless Security Assessment, Social Engineering, Source Code Reviews, Mobile Application Penetration Testing, Red Team Exercise etc. Such activities may include; presentations, proposal preparation, actual hands-on work, demos, etc.
- To assist team member (Security Consultants & Associate Consultants) in terms of advisory, technicalities and project management.
- To ensure that all committed project deliverables are met in a timely manner.
- Reports directly to Technical Director.
Qualifications and Education Requirements
- A Diploma / Degree in IT or a computer-related field is preferred.
- Strong knowledge and experience in performing both manual and automated based security testing and assessment are required (any past experience in publishing of new security exploits are advantageous).
- Professional IT security certifications such as OSCP, OSCE, CPSA, CRT, GWAPT, GPEN, GMOB, Red Team etc. are advantageous.
- Good project management and leadership skills are required.
- Familiar with Penetration Testing Methodologies such as OSSTMM, OWASP, NIST, PTES and etc.
- Has proficiency in Programming Language such as Java, Python, Perl etc. (Any Relevant Programming Background would be advantageous)
- Good understanding on Networking knowledge
- Good communication and interpersonal skills are required.
Our Work
At FIRMUS, our people are the foundation of our success. By forming a positive work environment that supports our business objectives, we strive to be the regional cybersecurity leader pioneering innovation in building a cyber security ecosystem.
Our Values
Trust, Reliable and Care are our core values that form the foundation of our approach in embracing diversity, equity and inclusivity. These values enhance our services and enrich our stakeholders’ experiences. Our mission is to partner with customers, providing innovative solutions and good practices to support them achieve their goals.
Our Culture
We prioritize comprehensive professional growth and development, and overall well-being through training, mentorship, and a supportive environment. By methodically listening to and rewarding talent, we empower our team to excel and pioneer advancements in cybersecurity.
Best Employer Award – SME, Central Region – 2023
SME Best Employer 2023 – Silver Award
Send Us Your Resume!
Become part of FIRMUS, where we unite to achieve exceptional results, care passionately about our work, and drive meaningful impact.
