This job listing expired on May 12, 2022
Job Responsibilities
- Plan, organize and manage security related to applications.
- Develop and maintain security policies, security standards, security processes and best practices, and integrate them into the SDLC to comply with regulations such as RMiT and TRM.
- Manage vulnerability check tools such as Static Code Analysis, Software Composition Analysis and Dynamic Code Analysis tools.
- Conduct regular security assessments such as critical security design review, code review and application security testing.
- Discover potential threats and vulnerabilities in applications and provide a solution/mitigation plan.
- Monitor and respond to security breaches/threats/vulnerabilities. Investigate and remediate security incidents.
- Assist in auditing and compliance related to security.
- Coordinate application pen-testing with software engineers to fix the findings.
- Research the latest security trends and keep applications up to date with them.
- Collaborate with software engineers and DevOps in securing applications.
- Provide security training and guidance to software engineers or other team members.
- Mentor and coach members of the team.
Pre-Requisites
- Bachelor’s degree in Computer Science / Information Technology or equivalent.
- Minimum of 5 years of relevant working experience in securing applications.
- Experience with vulnerability check tools such as Static Code Analysis, Software Composition Analysis and Dynamic Code Analysis tools.
- Experience with application security testing, using tools and/or manually.
- Strong knowledge of web protocols, authentication mechanisms, cryptography, application security, cloud architecture and/or network infrastructure security.
- Experience writing and testing web applications and web services in the following programming languages and frameworks: .NET Framework, .NET Core, ASP.NET, Node.js, JavaScript.
- Familiarity with development tools including Visual Studio, JIRA, Git and Jenkins.
- Must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10 & CWE Top 25 to any audience and discuss effective defensive techniques.
- Familiarity with industry standards and regulations including PCI, ISO27002, RMiT and TRM is desired.
- Holding a security-related certification such as CEH, CASE, CASS or CISSP is a plus.
- Positive attitude and eagerness to learn, along with team lead qualities.
- Good interpersonal skills and able to communicate well with the team and management.
- Able to work independently, with a proactive personality.