Exciting opportunity for passionate cyber security practitioners, who want to use their skills and knowledge to make a difference in the world we live in.
This role will challenge you to enhance and secure mobile and web applications to make a direct impact on the way we integrate technology into our daily lives. You will be required to assess and remediate security practices and processes to ensure that applications are delivered with vulnerabilities resolved and mitigated.
- Has at least 3 years of work experience in the area of application security assessment;
- Experience in threat modelling – able to prepare threat profile to identify, quantify and address security risks;
- Experienced in conducting secure code review, verifying that security controls are present and working as intended;
- Knowledge of Static Application Security Testing (SAST) or Dynamic Application Security Testing (DAST) tools, e.g. Appscanner, Fortify, Veracode, Appscan, Burp Suite, Qualys, WebInspect;
- Experienced with Agile System Development Life Cycle;
- Knowledge of web and mobile application development e.g. Node.js, RoR, ASP.NET, Android & iOS;
- Knowledge of security best practices, secure coding practice guidelines, OWASP, COBIT framework, ISO 27001;
- Excellent communication and presentation skills;
- A strong team player with passion to share security knowledge.
- Experience as a penetration tester is an advantage;
- Certified Secure Software Lifecycle Professional (CSSLP);
- Offensive Security Certified Professional (OSCP).
- Responsible to define appropriate security requirements for web and mobile applications;
- Lead in threat modelling to identify and resolve security risks;
- Identify gaps in security and improve security protocols and procedures in application development processes;
- Responsible to conduct security assessments using automated and manual tools and to provide resolution controls;
- Responsible to conduct and develop secure code reviews to resolve vulnerabilities;
- Disseminate application security findings, standards and approach within the team;
- Enhance security competency in development team (e.g. secure coding practices and processes);
- Provide training to development team on security standards, policies, procedures and quality assurance best practices related to secure coding.