Exciting opportunity for passionate cyber security practitioners, who want to use their skills and knowledge to make a difference in the world we live in.
â€‹We are looking for an Application Security Specialist to effective mitigate application risk and to provide expert advices to project teams in application securityÂ so as to reduce number of vulnerabilities detected in security assessment.
This role will challenge you to enhance and secure mobile and web applications to make a direct impact on the way we integrate technology into our daily lives. You will be required to assess and remediate security practices and processes to ensure the delivery of applications have vulnerabilities detected,Â resolved and mitigated.
- Bachelor DegreeÂ in Computer Science or Information Technology;
- Has at least 3 years of work experience in the area of application security;
- Experience in threat modelling – able to prepare threat profile to identify, quantify andÂ address security risks;
- ExperienceÂ to identify common web application vulnerabilities and posses the technical knowledge to address andÂ mitigate those vulnerabilities;
- ExperiencedÂ in conducting secure code review, verifying security controls are present, working as intended;
- Knowledge of application security including Identity and Access management (IDM) solutions;
- Familiar with secureÂ Web Services, Web and mobile API architecture (such as RESL, SOAP, SSL/TSL, HTTPS);
- Good knowledge of security best practices,Â secure coding practice guidelines, IM8, OWASP, CoBIT framework,Â ISO 27001;
- Excellent communication and presentation skill.
- Certified Information Systems AuditorÂ® (CISA);
- Certified Information Systems Security Professional (CISSP);
- Knowledge ofÂ Static Application Security Testing (SAST) or Dynamic Application Security Testing (DAST)Â tools.
- As a Application Security Subject Matter ExpertÂ to define appropriate security requirements for new (web and mobile) applications;
- Responsible for theÂ design, developmentÂ and implementationÂ related toÂ theÂ application security aspect of the new applications;
- Apply and ensure cyber security principles are adhere at each stage of theÂ software development lifecycle;
- â€‹Lead in defining threat modelling and to recommendÂ theÂ appropriate mitigation solutions;
- Identify gaps in security and improve security protocols and procedures in application development processes;â€‹
- Disseminate application security findings,Â standardsÂ and approaches within the team;
- Enhance security competency in development team (e.g. secure coding practices and processes);
- â€‹Provide training to development team on security standards,Â policies, procedures and quality assurance best practices related to secure coding;
- ParticipateÂ in Governance, Risk management, Compliance (GRC) related activities.