[ref. s12629820] Assurity Trusted Solutions - Application Security Engineer

In a dynamic digital and cyber landscape, where trust & collaboration are key, ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech, government agencies and commercial partners to mitigate cyber risks and bolster security postures.

You will be a member of the application security core center of competency under the Development & Innovation for Technology ProducTisation & Operations (DITTO) department.

You will provide application security consultancy and support to the application teams in areas such as security assessments, DevSecOps, security training and awareness to raise the application security level of competency and standards of our people and organisation.

• Plan the application security roadmap to improve the way application security is practiced in the organisation.
• Develop secure application development practices, standards, guidelines, and solutions to raise the application security practices of our application teams.
• Maintain various application security processes and automated source code scanning platform in the organisation.
• Perform secure code quality reviews and conduct application penetration testing/vulnerability assessment.
• Support various types of application testing and delivery (e.g. CI/CD) within the organisation.
• Train and up-skill developers in the area of secure coding in various programming platforms such as Java, C#, PHP etc. and to write security acceptance criteria in user stories.
• Train the applications team to write security unit tests and perform secure coding assessments.
• Work with DevOps team to improve security in the CI/CD pipeline.

• At least 3-5 years combined work experience in software development, application security and cloud computing (e.g. Azure, AWS).
• Experience in conducting manual secure source code review in at least one of the following programming platforms in both waterfall and Agile approach: Java, PHP, Javascript, C#, Android, iOS.
• Experience in threat modelling and able to establish threat profiles for application projects to identify, quantify and remediate application security risks.
• Experience working with mobile and web application programming interfaces (API) architecture (e.g. REST, SOAP, SSL/TLS).
• Demonstrate knowledge in industry security best practices such as OWASP Top 10, OWASP application security verification standard.
• Experience on using SAST code scanning tools such as Checkmarx, Sonarqube, etc.
• Familiar with Agile Development process, CI/CD, DevOps concepts, tools (Git, Gitlab, Github, Jenkins, Ansible etc) and how automated security testing can be incorporated into CI/CI pipelines.
• Collaborate extensively with various teams (application, networking, infrastructure) to maintain, establish and deliver application security services for the organisation.
• Good verbal/written communications skills and experience interacting with various stakeholders.
• Strong interest and passion for the field of application security.
• Strong problem-solving and troubleshooting skills.
• Self-reliant with an analytical and creative mind.
• Experience working with industry APIs such as Apigee or equivalent.
• Certification in CISSP (Certified Information Systems Security Professional)
• DevOps related certifications e.g. Azure DevOps Engineer Expert or AWS DevOps Engineer
• Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OWSE)
• Experience in working with Government Commercial Cloud (GCC)

Join us and discover a meaningful and exciting career with Assurity Trusted Solutions!

The remuneration package will commensurate with your qualifications and experience. Interested applicants, please click "Apply Now".

We thank you for your interest and please note that only shortlisted candidates will be notified.

By submitting your application, you agree that your personal data may be collected, used and disclosed by Assurity Trusted Solutions Pte. Ltd. (ATS), GovTech and their service providers and agents in accordance with ATS’s privacy statement which can be found at: https://www.assurity.sg/privacy.html or such other successor site.

• A wholly-owned subsidiary of GovTech.
• We promote a learning culture and encourage you to grow and learn.