We are looking for an application security engineer with 4-6 years of work experience securing web, API, and mobile apps. Prior experience in industries such as Fintech is highly desirable; interest and experience in security automation are a big plus!
Technical Capabilities:
a. Application Security Assessments:
- Conduct in-depth security assessments for web applications, APIs, and mobile applications.
- Perform thorough penetration tests to identify and exploit vulnerabilities.
- Provide technical expertise in secure coding practices and vulnerability remediation.
b. Automation and Integration:
- Design and implement security automation to enhance the efficiency of security processes.
- Integrate security tools into the development and CI/CD pipelines to automate security checks.
c. Process Development:
- Develop, implement, and continually refine processes for application security assessments and red teaming activities.
- Define and enforce secure coding practices through the development of comprehensive guidelines.
- Collaborate with cross-functional teams to seamlessly integrate security practices into the development lifecycle.
Qualifications & certifications:
a. A bachelor's degree with a focus on computing/IT
b. Possess and maintain at least one of the relevant technical certifications, such as:
- OSCP (Offensive Security Certified Professional)
- GWAPT (GIAC Web Application Penetration Tester)
- OSWE (Offensive Security Web Expert)
- CRT (Certified Red Teamer)
c. Good English proficiency is a must, for effective communication with diverse team members and stakeholders.
Behavioral & soft skills required:
- Self-starter with a proactive attitude and proven ability to work independently with minimal supervision.
- Ownership mindset, demonstrating high self-motivation in leading security initiatives and projects.
- Continuous learner with a strong appetite for experimentation and interest in automating security processes.
- Excellent analytical skills for assessing and solving complex security issues.
- Clear and concise communicator adept at conveying security concepts to technical and non-technical stakeholders.
- Proficient in creating comprehensive security reports and documentation for various audiences.