Application Security Engineer

Location Singapore River, Singapore
Job reference SGP/495738_1562321536
Salary Negotiable
Consultant name Manalo Frances Diana Delos Santos
Consultant email diana.delossantos@experis.com.sg
Consultant contact no. 65515326
EA License No. 02C3423
Consultant Registration No. R1219552

Our client is seeking a motivated and energetic individual who is interested in working customer security professionals and software developers to improve application security in a measurable way. The Application Security Consultant will focus on training developers and security teams on application security best practices by providing code-level remediation advice on potential application vulnerabilities that were identified by the company. As a Security Consultant, you will:

  • Explain weaknesses and vulnerabilities found in our customers' code and provide coaching on how to fix them
  • Be get exposure to a range of programming languages, frameworks, architectures
  • Act as part of a close-knit global team, learning from and teaching your peers
  • Be a subject matter expert in application security and provide consultative services to customers introduce customers and prospects to the use of the service interact with a variety of customer personnel, ranging from software developers to security executives.
  • Help users and various stake-holders within the customer organization interpret results from the software service, and tailor the presentation to the appropriate audience.
  • Guide Developers through using software services where required
  • Participate in the sales efforts as needed when technical capabilities of the service are presented.
  • Become an active participant and trusted advisor throughout the customer SDLC.
  • Work with the comany product strategy team to file and track customer enhancement requests.
  • Train and mentor new employees.

This position requires a motivated individual that strives to find solutions that align with client needs while providing a repeatable solution(s) that can be reused across multiple programs. It will require constant and effective communication with internal/external cross-functional teams; This individual will have the opportunity and freedom to cultivate new and innovative solutions which will benefit our entire client base.

Skills and experience required:

Candidate will operate as member of application security consulting team delivering tactical mentorship and strategic consulting in terms of general application security awareness, secure development best-practices, and effective utilization of company services. Ability to effectively communicate application security concepts to developers unskilled in these is essential, as is the ability to also function as a trusted advisor to security stakeholders within client organizations. Additional opportunities of the role include threat analysis and modelling, evaluation of effectiveness of compensating controls within and beyond application implementation logic, creation of client security program recommendations. The role requires:

  • Willingness and eagerness to learn new programming languages on the job
  • 2+ years of recent software development experience-- either professionally or as an Open Source contributor, or an avid hobbyist.
  • Understanding of Application-level security and secure coding practices.
  • Proficiency in one of more of the following programming languages; C, Javascript, C++, C#, Java, or PHP Hands-on experience with one or more of the following: Visual Studio or Eclipse, Team City, Jira, Hudson, Jenkins, or Cruise Control. Archer, SAML/SSO, VMware Databases, Command Shell scripting.
  • Excellent "Client-side" manner
  • Client requirement gathering, prioritization and scoping experience.
  • Strong technical writing skills.
  • Excellent problem-solving and organizational skills.
  • Ability to apply these skills cooperatively in a collaborative team environment.
  • Additional Skills and Experiences: Familiarity with CVSS, CWE, OWASP, WASC and SANS-25.Experience with source code analysis and interactive application security testing products, Penetration Testing. Understanding of common risk mitigation practices and technologies such as firewalls, ACLs and multi-factor access controls,; SaaS, Professional Services
  • Training/Mentoring experience also desired.

EA Licence Number: 02C3423

Registration Number: Frances Diana delos Santos Manalo, R1219552

Frances Diana delos Santos, Manalo EA License No.: 02C3423 Personnel Registration No.: R1219552