Job Description

Roles and Responsibilities:

• Evaluate and analyse threat, vulnerability, impact, and risk of security issues discovered from various DevSecOps tools such as Static Application Security Testing (SAST), Software Composition Analysis (SCA), Interactive Application Security Testing (IAST), Dynamic Application Security Testing (DAST)and Container Security platform.
• Advise and collaborate with DevOps teams, developers, application, and project teams on the security issues, including explanation of the technical details and how they can remediate the vulnerabilities in their applications.
• Develop and design DevSecOps metrics, policies, processes, and procedures.
• Provide training to developers and other stakeholders on the usage of the tools.
• Assist with implementing and designing automated security checks and additional security tools within the CI/CD pipelines.
• Proficient understanding of programming languages.
• Knowledge in scripting to support the automation and continuous improvement of processes
• Knowledge in build/release tools and methodologies in CI/CD pipelines.
• Conduct POCs and work with vendors for DevSecOps tools to achieve security automation and efficiency.
• Liaise with external vendors and oversee the resolution of incidents and technical issues related to the security tools.
• Effectively communicate and manage expectations of various stakeholders.
• Keep abreast of the latest industry trends in security and DevSecOps processes and make continuous recommendations for improvement.

• Minimum 5 years of cyber security experience.
• Sound technical background of working with SAST, SCA, DAST, IAST and other vulnerability scanning tools.
• Prior experience in performing secure code reviews, web and mobile application penetration tests.
• Solid understanding of full DevSecOps pipeline, Agile methodology, container security, APIs and microservices.
• Capable of working with various CI/CD tools.
• Analytical thinker with excellent communication skills.
• A recognized university degree in Computer Science, Computer/Electrical Engineering, Information Technology or equivalent.
• Familiarity of MAS TRMG, PCI-DSS and other regulatory/industries requirements.
• Possesses certifications in cyber security field such as GWAPT, OSCP, CISSP etc.

eFinancialCareers