Job Description
Responsibilities and Requirements • At least 4 years combined work experience in software development, application security and cloud computing (e.g. AWS) • Familiar with mobile and web application programming interfaces (API) architecture (e.g. REST, SOAP, SSL/TLS) • Experience in threat modelling and able to establish threat profiles for application projects to identify, quantify and remediate application security risks • Strong knowledge of security best practices such as OWASP Top 10, OWASP application security verification standard • Familiar with Agile Development process, CI/CD, DevOps concepts, tools (Gitlab, Github, Ansible etc) and how automated security testing can be incorporated into CI/CI pipelines • Experience on using SAST code scanning tools such as Fortify-on-Demand, Sonarqube, etc • Track and address security vulnerabilities with timely remediation and patching processes. • Conduct security awareness training sessions • Good verbal/written communications, collaboration skills and experience interacting with various stakeholders • Strong analytical, problem-solving and troubleshooting skills, ability to work independently • Relevant certifications preferred (eg. CISSP, OSCP, AWS security, AWS DevOps Engineer or equivalent etc.) • Experience in working with Government Commercial Cloud (GCC) preferred
