Open Roles

Application Security Engineer

[ Product Engineering ]

We’re hiring multiple roles in Malaysia and Indonesia for exciting software products development.

Those who are passionate in cutting-edge technology, please reach out to our Talent Acquisition at [email protected]

As an Application Security Engineer, you translate security needs into technical application design & implementation. You plan, estimate, and implement security solutions in an agile environment.

Responsibilities:

  • You will be involved with a broad set of cloud technologies, implementing requirements around security and automation of our service deployments.
  • Your primary responsibility is ensuring our technical designs and specifications adhere to our security standards by:
  • o initiating design and task reviews
  • o defining detailed security requirement specification in stories
  • o regular audits to ensure deliverables adhere to the security requirements.
  • You will be the bridge between software engineering team and security team to strive for a balance between deliveries and security:
  • o Assess and reproduce vulnerabilities highlighted by security team and apply mitigation measures or remediation.
  • o Present exceptional cases to security team when remediation is unavailable.
  • You will evaluate and develop adequate secure software development and implement lifecycle processes to safeguard our applications throughout their life cycle.
  • You also need to take responsibility to coach and develop team members about security best practices and guidelines in their role.

Qualifications:

  • Bachelor’s degree in computer science, cyber security or in similar fields – Master/PhD is a bonus
  • 3+ years professional experience as an Application Security Engineer or similar role
  • Excellent analytical capabilities, communication skills, high commitment, self-responsibility, and customer orientation
  • Experience in software development and familiar with continuous integration and tool chain (CICD).
  • AWS and cloud platform as a service (PaaS) security
  • Up to date with the trending vulnerabilities, threats, mitigation, and remediation.
  • Team player with hands-on mentality and able to set priorities to craft a direction
  • Experience in working within agile teams, and comfortable with continuous delivery.

Must have technical skills:

  • Strong conceptual knowledge on Microservices and application security.
  • Up to date with trending threats and vulnerabilities.
  • Experience in handling SAST, DAST and penetration testing results.
  • Experience in application vulnerability assessment and tooling – Veracode preferred.
  • Experience in application vulnerability management processes and secure application life cycle management processes.
  • Proven hands-on experience with vulnerability remediation and mitigation.
  • Proven hands-on experience with VCS and build tools – Git, Maven, Gradle, NPM
  • Proven hands-on experience with CI/CD – GitLab preferred.
  • Development experience in any programming language – Java, NodeJs preferred.
  • Experience in any cloud service provider – AWS preferred.

Good to have technical skills:

  • Experience in security monitoring and alerts – Datadog preferred.
  • Experience in threat modelling process.
  • Experience in orchestration and automation technologies – CloudFormation, Terraform, Ansible
  • Experience on database security.
  • Experience with cloud/system monitoring tools – CloudNative, ELK, Datadog, etc.
  • Experience in event driven architecture, GraphQL.
  • Experience with Frameworks – Springboot, Angular, etc.

Must have soft skills:

  • Good command of English
  • Ability to work independently with minimal supervision.
  • Ability and willingness to pick up new technical knowledge with minimal guidance.
  • Team player – willing to adapt to the team’s culture and way of working.
Apply Now

← Back