Job Description

Headquartered in Singapore, Advance Intelligence Group a Series D 'Double Unicorn' valued at US$2 billion, and also one of the largest independent technology startups based in Singapore. Founded in 2016, the Group has over 2000+ employees and has presence across South and Southeast Asia, Latin America and Greater China serving 1,000+ enterprise clients, 75,000+ merchants and 20 million+ consumers. The Group is backed by top tier investors SoftBank Vision Fund 2, Warburg Pincus, Northstar, Vision Plus Capital, Gaorong Capital, Pavilion Capital, GSR Ventures and Singapore-based global investor EDBI. We are also ranked as the No.1 Top Startups in Singapore by Linkedin for 2021.

We serve enterprise, consumers and merchants through our key Business Units:

• ADVANCE.AI is a leading big data and AI company providing digital transformation, fraud prevention and process automation solutions for enterprise clients in banking, fintech, retail and e-commerce.

• Atome Financial offers consumers greater financial access through technology with its suite of products including Atome, a leading "buy now pay later" brand, and digital lending services such as our flagship brands Kredit Pintar, and ND Finance.

• Ginee is a leading e-commerce merchant services technology platform serving numerous markets in Southeast Asia; providing comprehensive digital solutions for e-commerce, retail, brand and enterprise customers.

We are united by a shared vision and purpose: to Advance with Intelligence for a Better Life-for our customers, colleagues and communities.
Our culture is built on values that are core to who we are and what we stand for:

• We foster an INNOVATION mindset

• We achieve results with EFFICIENCY and excellence

• We take pride in the QUALITY of our work

• We uphold INTEGRITY in all we do

• We embrace COLLABORATION to work across business lines and borders

As an application security engineer, you will be responsible to provide leadership and oversight by setting the direction, strategy, deliverables, and operating model for Application Security focused on, Assessments & Testing function. Own the definition, implementation and ongoing maintenance of service roadmaps to ensure a fit for purpose services, processes and tools is in place to support the AppSec operational objectives.
Key duties & responsibilities: Support the CTO, Head of Engineering, project managers, Architect and Information Security Lead with the following:

• Overall responsibility for Application Security Testing services covering Code Security Reviews (SAST), Mobile Application Security Reviews, Software Composition Analysis, Web Application Scanning (DAST), Developer Security Enablement and Application Penetration Testing
• Driving the operation of Application Security tools, planning and execution of scanning and testing, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
• Ensure Application Security Testing services are agile to cater for testing requirements for DevSecOps and cloud-based environments
• Develop and advocate the use of automated testing tools and processes, standardized frameworks and standards to enhance the agility and effectiveness of application security services
• Manage and influence stakeholders in understanding risk exposure and containment measures from AppSec vulnerabilities the Group could be exposed to

Personal Specifications: The requirements listed below are representative of the knowledge, skill, and/or ability required:

• Minimum of 8+ years of domain experience
• A degree in Computer Science or Information Security, or in a related technical field.
• Certification such as OSCE, OSCP, CREST, CISSP, etc. preferred
• Extensive and deep technical knowledge ranging from front-end UIs through to back-end systems and all points in between
• Should also have strong software design and implementation know-how, strong familiarity with web protocols, a thorough knowledge of Linux/Unix tools and architecture, and be well-versed in application security and infrastructure security
• To perform their role successfully, they must have technical expertise in at least one domain; software development, network engineering, authentication or security protocols, systems engineering, cryptography, or a combination of all. In addition, they should also be familiar with security best practices and have knowledge of common and emerging security threats
• Must be a self-starter who is able to initiate and successfully drive programs and projects to completion with little or no management supervision.
• Be a good team player with the ability to lead security initiatives
• It is essential to have great communication skills to explain complex security topics in simple language and easy to understand concepts.

#LI-RR1