14 August 2020
Our client in the media industry is seeking a strong Application Security Engineer to assist in the maintenance of their automated source code scanning platform as well as to perform secure code reviews for their web and mobile applications.
- Bachelor in Computer Science or related field;
- Has at least 3 years of experience in application security;
- Experience in conducting secure code review, dynamic application security testing and manual security testing on both web and mobile applications;
- Ability to prepare threat profile to identify, quantify and address security risks;
- Good understanding of common web and mobile application vulnerabilities and how to mitigate these vulnerabilities;
- Familiar with DevOps and CI/CD;
- Knowledge of security best practices and guidelines within the industry;
- Excellent communication and presentation skills.
- Knowledge of Static Application security tools such as Fortify, Burp Suite Professional and Checkmarx;
- Familiar with Cloud Security (e.g. AWS, Azure);
- Handled Bug Bounty Program;
- Familiar with Container security implementation.
- Oversee the security practices and processes of the entire SDLC and to minimize all potential vulnerabilities;
- Develop secure application development practices, standards, guidelines and solutions to build up the organisation\’s application security capabilities;
- Perform application security assessment using threat modelling, vulnerability research, code scanning and application security testing;
- Work closely with various stakeholders (e.g. developers) to ensure that all vulnerabilities are mitigated;
- Partner the DevOps team to create tools and automation to improve the security within the CI/CD pipeline;
- Identify gaps in security and improve security protocols and procedures in the SDLC;
- Provide training and support to the development team on security standards, policies and processes.