Product Security Vulnerability Management Engineer

Kuala Lumpur, M14, MY, Malaysia

Job Description

Posted 26 August 2025
Location Kuala Lumpur
Job type Permanent
Discipline GTS
Reference J15763

Job description




We're looking for people to join the Access family, who share our passion for believing in better, and who will help us continue to grow. Love Work. Love Life. Be You. - is central to our success and how we give our customers the freedom to do more of what's important to them.

What does Access offer you?

We offer a flexible, hybrid working environment where you can balance work and life while maintaining a strong office team-based culture. We deliver on what we say, taking the development of our people seriously. We'll work with you to progress your success plan and provide opportunities to accelerate your career. On top of a competitive salary, our wellbeing days taking you to 25 days leave a year and a health contribution, you'll also be able to choose from a range of benefits to suit you. We're an organisation that likes to give back, so you'll also have three charity days allocated to support a cause that matters to you.

Position Overview

We are seeking a motivated Product Security Vulnerability Management Engineer with 2-3 years of experience to support, manage, and contribute to our comprehensive product security program. This role will be instrumental in operating and enhancing our Application Security Testing Platform, supporting the Secure Software Development Lifecycle (SSDLC) Platform, and enabling DevSecOps integration across our development ecosystem. The position focuses on maintaining automated security testing across the entire product stack while learning to implement secure development practices throughout the organization and collaborating closely with development teams to embed security throughout the software development lifecycle.

The ideal candidate will have hands-on experience with automated security testing tools, DevSecOps practices, a solid foundation in product security principles, and be ready to take on increased responsibilities in vulnerability management, developer engagement, and security program optimization while continuing to develop their expertise in secure SDLC implementation and NIST framework alignment.

Key Responsibilities

Application Security Testing & Analysis

  • Support the development and maintenance of testing orchestration processes to ensure seamless integration across multiple security tools
  • Assist in maintaining and optimizing the unified security testing platform integration with development workflows

DevSecOps Integration & Enablement

  • Partner with development teams to integrate security testing into CI/CD pipelines and help reduce friction in security adoption
  • Support DevSecOps integration and orchestration activities, including container security scanning and policy as code implementation
  • Assist in maintaining pipeline security coverage and security gate automation across development workflows
  • Contribute to container vulnerability metrics collection and policy compliance monitoring
  • Support Infrastructure as Code (IaC) security scanning and compliance checks
  • Create security-focused monitoring and logging solutions for production environments with senior team guidance

Secure SDLC Support & Implementation

  • Support threat modeling activities, security requirements generation, and secure architecture pattern implementation aligned with NIST Secure Software Development Framework
  • Contribute to the operation and maintenance of the Secure Software Development Lifecycle (SSDLC) Platform
  • Assist in ensuring security activities are integrated throughout the software development lifecycle
  • Support security gate implementation and help track security gate pass rates
  • Participate in architecture reviews and provide input on secure design patterns
  • Contribute to security requirements coverage and documentation

Vulnerability Management & Reporting

  • Track and report on key security metrics including vulnerability detection rates, false positive rates, and developer adoption metrics
  • Maintain vulnerability findings database and ensure accurate tracking of remediation efforts
  • Support mean time to remediation (MTTR) tracking and vulnerability aging metrics
  • Generate unified security reports from multiple testing tools for stakeholders and management
  • Monitor application security coverage and identify gaps in testing coverage across the application portfolio
  • Work collaboratively with development teams to support remediation of high-priority vulnerabilities
  • Support compliance efforts by ensuring alignment with NIST Cybersecurity Framework 2.0 controls

Developer Collaboration & Security Enablement

  • Provide security guidance and training to developers on secure coding practices and vulnerability remediation
  • Support developer onboarding security tools and processes, contributing to improved adoption rates
  • Create and maintain developer-friendly documentation including integration playbooks and security guides
  • Contribute to developer security enablement programs and security champion initiatives
  • Support secure coding standards implementation and help track secure coding violations trends
  • Assist in security knowledge assessment activities and training satisfaction measurement

Process Improvement & Continuous Learning

  • Identify opportunities to enhance the application security testing platform and reduce false positives
  • Evaluate and assist in piloting new security tools and technologies to improve detection capabilities
  • Contribute to security policy development and help establish security standards for application development
  • Support incident response activities related to application security vulnerabilities
  • Stay current with emerging threats and application security best practices through continuous learning
  • Contribute to continuous improvement in security automation and tool efficiency

Required Qualifications

Education & Experience

  • Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field
  • 2-3 years of hands-on experience in product security, application security, DevSecOps, or related security roles
  • Demonstrated experience with application security testing tools and methodologies
  • Experience supporting product security programs or secure development initiatives

Technical Skills

  • Proficiency with SAST, DAST, and SCA tools
  • Understanding of secure coding practices and common vulnerability types (OWASP Top 10, CWE Top 25)
  • Experience with CI/CD integration and DevSecOps principles
  • Familiarity with programming languages commonly used in enterprise environments (Python, Java, JavaScript, C#, etc.)
  • Knowledge of web application security concepts and testing methodologies
  • Basic understanding of threat modeling methodologies (STRIDE, PASTA)
  • Familiarity with container security and cloud-native application security concepts
  • Understanding of NIST frameworks including Cybersecurity Framework 2.0 and Secure Software Development Framework
  • Experience with Infrastructure as Code (IaC) security scanning tools
  • Knowledge of vulnerability management principles and practices

Soft Skills

  • Strong analytical and problem-solving abilities with attention to detail
  • Excellent communication skills for collaborating with technical and non-technical stakeholders
  • Ability to work in fast-paced, agile environments while maintaining security standards
  • Project management capabilities for coordinating security initiatives across multiple teams
  • Eagerness to learn and grow in product security expertise
  • Passion for continuous learning and staying current with security trends

Key Performance Indicators

  • Support improvement in mean time to detection (MTTD) for application vulnerabilities and maintain mean time to remediation (MTTR) below organizational targets
  • Help maintain false positive rate below 5% across all testing types through tool tuning and process optimization
  • Support achieving 95%+ developer adoption rate of security tools and processes
  • Contribute to pipeline security coverage metrics and security gate automation rates
  • Support achieving target percentages for projects with threat models and security requirements coverage
  • Successful participation in and delivery of security training and guidance sessions with positive training satisfaction scores
  • Effective support of development teams in remediation efforts with measurable improvement in vulnerability aging metrics
  • Demonstrate contribution to security gate pass rates and policy compliance rates
  • Demonstrated growth in product security knowledge and technical capabilities
  • Active participation in identifying and implementing process improvements
  • Contribution to comprehensive and user-friendly security documentation and guides with measurable impact on developer satisfaction

Become part of our amazing Access family!

At Access we're all about helping everyone Love Work and Love Life because we believe people can only be at their best when they can be themselves, love what they do and do what they love. We love the fact that we're all different. Having more diverse perspectives at work improves how we run our business, helps us support our customers, and when you think about it, it's just more fun. So, no matter what makes you individual, as long as you're qualified, we can't wait for your application.

Job Detail

  • Job Id
    JD1164129
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Kuala Lumpur, M14, MY, Malaysia
  • Education
    Not mentioned