Application Security Engineer (Digital Bank)

My client is a leading Digital Bank and looking for a passionate application security professional (AVP to senior AVP level) to be part of the banks Cyber Security team, to protect our applications and infrastructure from the ever-evolving threats. Qualified candidates are expected to: 

• Perform application and infrastructure vulnerability assessments, source code reviews, and internal penetration tests on web and mobile applications to identify vulnerabilities and security risks 
• Own and continuously enhance the bank’s application and infrastructure vulnerability management process, including end-to-end identification, tracking and remediation work 
• Work with external pentest team to perform independent penetration tests on web and mobile applications, triage the security findings and manage the remediations required 
• Participate in the system design and architecture security reviews of business projects to ensure security is incorporated into the early stages of the project development lifecycle 
• Work with our dev and devops team to ensure security is integrated into the SDLC, provide expertise in advising dev team on the mitigation of identified vulnerabilities and application security risks 
• Continuously enhance/improve the integration of security controls into CI/CD pipelines 
• Conduct training to dev team on secure coding best practices and vulnerability remediation 
• Ensure applications are designed and implemented following standard security principles such as layered defence, least privilege, etc 
• Respond to and investigate security incidents related to application security 
• Manage the bank’s application security systems 
• Maintain and enhance application security policies, standards and operational procedures 

• BS/MS in Computer Science / Computer Engineering / Cybersecurity with at least 4-year experience in cyber security and at least 2-year experience in penetration test/red teaming and vulnerability management ideally coming from a banking environment
• Experience in conducting application and infrastructure security assessments 
• Experience with application security and vulnerability assessment tools (e.g. Burp Suite, Kali Linux, Fortify, Nessus, NMAP) 
• Strong analytical and communication skills in real time problem-solving 
• Relevant certifications such as OSCP and CISSP will be an added advantage 
• Proficient in English and Mandarin to communicate with our Mandarin speaking stakeholders