#SGUnitedJob Application Security Engineer
GOVERNMENT TECHNOLOGY AGENCY
Information Technology, Public / Civil Service
We are a team in GovTech that aims to design and develop software applications that help government agencies better serve the needs of Singaporeans. We adopt an Agile development approach and work towards adopting best practices and cutting-edge tools in secure software engineering.
We invite interested applicants who are passionate about change and transformation to join us as an Application Security Engineer and take on the exciting and challenging roles of designing, developing and implementing our new digital service.
As an Application Security Engineer, you will be responsible for planning our AppSec roadmap, standardising our AppSec practices and solutions, and delivering AppSec professional services to our application teams. These services range from providing AppSec consultancy to application teams, to delivering security assessments, to training application teams so as to uplift their AppSec capabilities.
What to Expect:
- Study and propose an AppSec roadmap to uplift the way application security is practised today.
- Develop secure application development practices, standards, guidelines and solutions with the aim to standardise and raise the AppSec practices of our application teams
- Train up the Business Analysts to write security acceptance criteria in user stories
- Train up the Software Engineers to write security unit tests and secure coding
- Train up the Quality Engineers to write security test cases
- Work with DevOps team to improve security in the CI/CD pipeline
- Introduce threat modelling/threat model to the MOM development centre
- Define a communications and education framework to raise the AppSec awareness, capabilities and competencies of security champions.
- Provide security guidance to Engineering and Product teams
- Perform AppSec assessments for selected applications using a combination of threat modelling, vulnerability research, code scanning, application security testing and recommendation of proper remediation actions.
How to Succeed:
- Degree in Computer/Computer Science or Electronics Engineering or Information Technology or equivalent
- Minimum 2 years of relevant experience in web or mobile-based application security
- Certification in CISSP (Certified Information Systems Security Professional) and/or CISA (Certified Information Systems Auditor) is a plus
- Strong interest and passion for the field of infocomm security, specifically in the area of application security
- Familiar with application security review and testing approaches/methodologies in both Waterfall and Agile application development
- Familiar with the concept of CI/CD and DevOps, and how security testing can be integrated and automated as part of software delivery pipelines
- Able to recommend use of appropriate AppSec tools (e.g. static code scanners, dynamic application security testing scanners, etc.) and assist application teams in adopting these tools
- Familiar with implementation of best practices in security for secure coding (e.g. input validation, code review process, IDE security plugin, pre/post-commit security hooks) and assist application teams in adopting these tools and practices
- Strong problem-solving and troubleshooting skills
- Proactive self-starter with an analytical and creative mind
- Result and customer oriented with multi-tasking capabilities
- Excellent written, verbal communication, presentation and negotiation skills
Bonus points for:
- Experience as a penetration tester and source code reviewer is an added advantage
- Singapore Citizen
Closing on 24 May 2021