• Responsible for conducting application security testing
• Act as subject matter expert on application security for the application team
• Responsible for performing dynamic and static application security testing, focusing on vulnerability assessments, static analysis and penetration testing using automated and manual tools.
• Produce clear but detailed test reports that show the conclusions of testing
• Review test results and analyse data to understand software risk and areas of concern
• Prepare, maintain and execute technical security plans
• Explain and demonstrate application vulnerabilities and provide recommendations for mitigation
• Communicate and advise on security vulnerabilities with the project team and stakeholders
• Work with DevOps to automate application security tests into DevSecOps and Continuous Integration processes
• Work with the application development team to review code, improve and educate the team on secure coding
• Share security-related information and expertise within the project team through on-the-job coaching, pairing, formal/informal classroom training or sharing
• Conduct internal and external security and compliance reviews on information assets
• Monitor regulatory requirements and technology advances to identify relevant trends and threats
• Degree or Diploma in Computer Science, Information Technology, Digital Media or related disciplines
• Professional certification such as CISSP, OSCP, CREST, CEH, CPTC, SANS, ISTQB CTFL or other relevant certification will be an added advantage.
• Minimum 2 years' experience in secure code review in at least one programming language/environment such as Ruby, Java, .NET and/or Node.js.
• Minimum 3 years' experience in penetration testing of web applications.
• Familiar with HTTP, SOAP, WSDL, REST, SSL standards, security models and common API client architecture
• Familiar with common web application vulnerabilities, with the technical knowledge to address and mitigate them
• Familiar with industry security testing tools such as, but not limited to, Checkmarx, WebInspect, Fortify Suite, Burp Suite, Nessus, Kali Linux
• Experience in a secure Scrum, agile testing environment will be an added advantage
• Good communication and interpersonal skills
• Good analytical and writing skills
• Good team player and meticulous