Exciting opportunity for passionate cyber security practitioners, who want to use their skills and knowledge to make a difference in the world we live in.
This role will challenge you to enhance and secure applications and systems to make a direct impact on the way we integrate technology into our daily lives. You will be required to assess and remediate security practices and processes to ensure the delivery of applications have vulnerabilities resolved and mitigated.
- Has at least 3 years of work experience in the area of application security;
- Experience in threat modelling – able to prepare threat profile to identify, quantify andÂ address security risks;
- ExperiencedÂ in conducting secure code review, verifying security controls are present, working as intended;
- Familiar with secureÂ Web Services, Web and mobile API architecture (such as RESL, SOAP, SSL/TSL, HTTPS);
- Familiar with common web application vulnerabilities and technical knowledge to address and mitigate vulnerabilities;
- Knowledge of application security including identity & access management (IDM) solutions.
- Knowledge ofÂ Real Time Messaging Protocols (RTMP) in theÂ security aspect, eg. MQTT, DDS;
- Knowledge of security best practices,Â secure coding practice guidelines, IM8, OWASP, CoBIT framework,Â ISO 27001;
- Excellent communication and presentation skill.
- Certified Information Systems AuditorÂ® (CISA);
- Certified Information Systems Security Professional (CISSP);
- Experienced with Agile/Scrum methodology;
- Knowledge ofÂ Static Application Security Testing (SAST) or Dynamic Application Security Testing (DAST)Â tools, e.g. Appscanner, Fortify, Veracode, Appscan, Burp suite, Qualys, Webinspect.
- Responsible to define appropriate security requirements for web and mobile applications;
- Be theÂ subject matter expert to design, developÂ and implement theÂ security aspect of application systems;
- Apply & ensure cyber security principles are adhere to during entire system development lifecycle;
- â€‹Lead in threat modelling to identify and resolve security risks;
- Identify gaps in security and improve security protocols and procedures in application development processes;â€‹
- Disseminate application security findings,Â standardsÂ and approach within the team;
- Enhance security competency in development team (e.g. secure coding practices and processes);
- â€‹Provide training to development team on security standards,Â policies, procedures and quality assurance best practices related to secure coding.