Application Security Engineer

Description:

For this project, we are forming a team of 6 (including 1 team lead) to assist in a huge government project to perform the following scope of works:

1. Security Risk Assessment
2. Security Policies, Standards, Guidelines, And Procedures Review
3. Security Design
4. Application Security
5. Vulnerability assessment and
6. System Security Acceptance Testing
7. Cloud Security

The selected candidate will be working collaboratively within the team to fulfil the project requirements. As such, there is no expectation for one individual to possess all skill sets in the 6 domains.

As an expert in Application Security, your role will focus on providing expert advice, conducting security assessments, and helping government teams build security into every stage of their software development lifecycle.

Responsibilities:

• Perform comprehensive risk assessments of development environments, DevOps workflows, and CI/CD processes.
• Perform security assessments, threat modelling, and code reviews to identify vulnerabilities in applications.
• Review and recommend improvements in areas such as identity and access management, network security, secure SDLC practices, source code management, cryptographic key handling, and data protection.
• Guide application teams on adopting secure development practices and integrating security tools such as SAST, DAST, and VAPT into their workflows.
• Review existing CI/CD pipelines from a security perspective and provide expert recommendations to align with DevSecOps principles.
• Mentor and advise internal teams on secure coding practices across various platforms and languages (e.g., JavaScript, Node.js, Java, C#, Python, etc.).
• Develop and maintain secure coding guidelines and security standards.
• Collaborate with development teams to remediate security issues and provide guidance on secure coding practices.

• At least 3 years of experience in application security or software development with security focus.
• Strong experience in DevSecOps with a solid foundation in cybersecurity and risk assessment.
• Hands-on knowledge of secure software development lifecycle (SSDLC) principles and tools.
• Familiarity with integrating security testing tools and practices within CI/CD environments.
• Experience with secure coding and vulnerability assessments across common web and mobile technologies.
• Ability to work with and guide development teams without being directly involved in implementation.
• Excellent communication skills and the ability to translate complex security requirements into practical advice

•Work-life balance: Hybrid working mode, 18 days of Annual leave
•Health & insurance: Comprehensive coverage including General Practitioner, hospitalization, dental, and optical
•Performance incentives: Annual bonus based on individual performance
•Learning & development: Training programs, certification opportunities, and training incentives to support career growth
•Team culture: Regular team-building activities and social events