Application Security Engineer

  • Attractive
  • Singapore
  • Permanent, Full time
  • Non-disclosed
  • 16 Sep 2018

The application security engineer is a key role responsible for providing advisory, control and support on all security aspects of the bank's applications.

Responsibilities:

  • Integration of security into software development during design and development
  • Analysis of IT systems architecture in terms of security and risk/threat modelling
  • Contribution to the definition of the different types of security tests to be performed
  • Supporting the development team in terms of secure development practices
  • Supporting the infrastructure/middleware teams in terms of security hardening
  • Performing security code reviews and white box penetration testing during the development sprints
  • Automation of security testing process
  • Coordinating with third-party vendors and internal stakeholders for penetration and black box testing
  • Review and assess the results of external penetration testing, and agree corrective action
  • Supporting the development teams to reproduce issues
  • Research and monitor current software security risk
  • Provide software security training to the development team

 

Requirements:

  • Bachelor’s degree in Computer Science or the equivalent. A master’s degree is a plus
  • At least 2 years of hands-on experience doing security code analysis or reviews
  • At least 2 years of hands-on experience doing penetration and vulnerability testing
  • At least 2 years of hands-on experience as a software developer
  • Any security certification: GSSP-JAVA, GWEB, ECSP, CSSLP, CEH, CES etc.
  • Strong critical thinker with problem solving aptitude.
  • Capacity to provide deep perspective on cyber and security threats
  • Excellent written and oral communication skills
  • Knowledge and experience of common security protocols (e.g. TLS, OAuth 2.0, SAML, OpenID Connect, LDAP etc.) and crypto libraries (OpenSSL, JWT etc.)
  • Knowledge and experience of server-side security, authentication and authorization mechanisms
  • Knowledge and experience of Web security (OWASP etc.) and JavaScript/SPA security
  • Knowledge and experience of static code security analysis and security code reviews
  • Knowledge and experience of vulnerability/penetration testing
  • Experience of a secure software life cycle in a software house or large IT department
  • Software development experience