Job Description

Role: Application Security Key Responsibilities: * Provide security consultancy, technical guidance, expertise and solutions. * Advise and review application security design to detect potential Role: Application Security Key Responsibilities: Provide security consultancy, technical guidance, expertise and solutions. Advise and review application security design to detect potential security issues and for each issue, propose and drive remediation tasks. Help application team in developing and implementing security test and verification scripts for testing and validating security controls/issues. Able to engage and execute security vulnerability scanning activities (VAPT/SAST/DAST/MAST activities etc) & triage security findings. Define scope and review the results of security tests, reviews, and audits to ensure security assurance is achieved. Identify and assess cyber risks in the application and network. Perform threat modelling on security-critical applications. Recommend and drive cyber security solutions and initiatives to improve the cyber security of the organisation. Deliver security projects, such as the implementation of security software, POC of DevSecOps tool and create rules/scripts that help identify latest security issues Ensure clients' compliance policies/procedures are met through ongoing security reviews, audits, and exercises. Skills: CISSP/CCSP/CCSK/OSCP/CSSLP certification or its equivalent is preferred In-depth knowledge of security concepts regarding web, iOS, Android and Rest API security. Understanding of current and emerging security technologies and threats. Proficient with methodologies, tools, best practices and processes across various cybersecurity areas. Proven experience with threat modelling and risk analysis. Ability to gather written and verbal information from multiple sources, and assess and consolidate risks to provide appropriate recommendations. Hands-on experience with penetration testing and vulnerability analysis frameworks and tools. Optional Skills: Familiar with Gov standard of security posture including planning and running Security Compliance Check, Security Vulnerability Scanning Familiar with IM8 policies Familiar with SSO, OIDC/SAML and MFA Framework