Job Description

Discover your opportunity with one of the largest retail financial solution companies in Malaysia. The Application Security Specialist is a key member of the Information Security Team in supporting global information security program. The specialist will have a solid proficiency in penetration testing methodologies and platforms, scripting and programming used for security testing, and have had wide exposure to application and systems testing and vulnerability assessments programs.

Application Security Specialist

Discover your opportunity with one of the largest retail financial solution companies in Malaysia. The Application Security Specialist is a key member of the Information Security Team in supporting global information security program. The specialist will have a solid proficiency in penetration testing methodologies and platforms, scripting and programming used for security testing, and have had wide exposure to application and systems testing and vulnerability assessments programs.

Main Duties & Responsibilities

• Conduct security review of application design, architecture, and source code
• Static (SAST) & Dynamic (DAST) Application Security Testing and/or penetration testing of applications and source code, auditing results with development and/or security teams and offering plans for remediation of vulnerabilities
• Provide application security support to development teams, including reviewing and explaining application security tools and processes and performing basic configuration of scans
• Communicate effectively across a wide range of stakeholders and able to explain security issues in business language and business issues in security language
• Perform threat analysis and threat modeling to discover potential threats and vulnerabilities in application and provide solution/mitigation plan.
• Research and keeping application up to date on latest security trend and capable to guide development teams of new technologies adopted by the company
• Coordinate with team members to manage enterprise Web Application Firewall
• Stay up to date on attack intelligence by collaborating internally via our Red Team / Pentesting findings and Cyber Security Operations Center (CSOC) teams

Candidate Profile:

• Minimum bachelor\'s degree in Computer Science / Information Technology or equivalent
• CISSP any other relevant certifications around Cybersecurity and Network will be an added advantage
• 5 years and above relevant experience in IT security or compliance required
• Understanding of command line scripting and implementation (i.e., Python, PowerShell, JavaScript, Perl, etc)
• Demonstrable experience in rolling out DevSecOps program and related tools & processes
• Hands-on experience with at least 2 AppSec tools such as Static Application Security Tests (SAST), Software Composition Analysis (SCA), Container Security (CSec) or Dynamic Application Security Testing (DAST)
• Strong technical understanding with manual / automated penetration and vulnerability testing and static code analysis is strongly desired
• Experience in working with BugBounty program would be advantageous
• Fair understanding in web and native application exploitation (SQL injection, click-jacking, Buffer Overflows, cross-site scripting, etc.)
• Experience in working at least one cloud service provider (AWS, Azure, GCP, etc.)
• Good knowledge in cryptographic concepts and applied cryptography
• Exceptional problem-solving skills
• Strong interpersonal and communications skills

Should you be open to take on the challenge, please kindly forward your CV to Wei Hong Lee at weihong.lee@adecco.com for a confidential discussion.

Adecco