15 January 2021
This role will challenge you to ensure software and systems are well designed and implemented to the highest security standards. You will be required to propose and integrate security practices and processes into software development, and to propose how security testing can be integrated and automated as part of software delivery pipelines.
- Degree in Computer Science, Engineering, Information Systems;
- Has 8 years of work experience in software development with 2 years in the area of Web / Application / Mobile Security;
- Experience in conducting secure code review, verifying that security controls are present and working as intended;
- Experience in threat modelling – able to prepare a threat profile to identify, quantify and address security risks;
- Familiar with CI / CD and DevOps concepts and how security testing can be integrated and automated as part of software delivery pipelines;
- Familiar with common web application vulnerabilities and technical knowledge to address and mitigate vulnerabilities;
- Knowledge of security best practices and secure coding practice guidelines;
- Excellent communication and presentation skills.
- Certified Information Systems Auditor – CISA, Certified Information Systems Security Professional – CISSP;
- Knowledge of AppSec tools (e.g. static code scanners, dynamic scanners).
- Lead a team to support the Agile application development team;
- Propose and integrate security practices and processes into software development to ensure that delivered applications have vulnerabilities resolved and mitigated;
- Develop secure application development practices, standards, guidelines and solutions towards adopting technical best practices and uplifting the Application Security (AppSec) capabilities within the organization;
- Perform Application Security assessments using a combination of threat modelling, vulnerability research, code scanning and application security testing, with recommendations of proper remediation actions;
- Work closely with the DevOps Team to create tools and automation to help test and improve security in the CI/CD pipeline;
- Apply cyber security principles and ensure they are adhered to during the entire system development lifecycle;
- Identify gaps in security and improve security protocols and procedures in application development processes;
- Disseminate application security findings, standards and approaches within the team;
- Enhance security competency in development teams (e.g. secure coding practices and processes);
- Provide training to the development team on security standards, policies, procedures and quality assurance best practices related to secure coding.