Job Description

Opportunity:

• Senior Web Application Vulnerability Analyst required to take the lead on external vulnerability assessment programme.
• You will be reviewing web applications, network/cloud services, API, web portals, Digital certificates to identify security vulnerabilities or misconfigurations using manual, automated testing and advise development teams to strategically resolve identified issues.
• This role is required because we are expanding our vulnerability management program to include continuous assessment of the customers internet facing services.
• You will be working with a world class team contributing to strengthening the security posture of one of the largest cloud deployments in the region!

• As a member of the Cyber Security Team you would need a strong hands-on background on web application attack vectors.
• You will be tasked with identifying, validating , tracking, recommending mitigations and remediations for vulnerabilities that emerge on the customer external facing web/network services.

Role:

• Analyse application security tools scan results to size and assess security loopholes, threats and advise Development teams to resolve identified vulnerabilities.
• Performs manual application security testing for identification and validation of vulnerabilities and weak configurations.
• Develop a vulnerability assessment and penetration testing report
• Coordinates with other functional groups involved in Information Security, Risk, Security Architecture and Application Development teams.
• Analyzing web, API, Network services and applications for security vulnerabilities.
• Documenting procedures for the External Vulnerability assessment.
• Identification of owners to the web application, if a new url/service emerges.
• Creating proof-of-concepts to highlight the impact of Application Security vulnerabilities to development teams

Required:

• Deep knowledge on OWASP Top 10 and OWASP API Security Top 10
• Solid hands-on experience performing web application, API vulnerability assessments.
• Familiar with one of the scripting language like Python, VBscript, Javascript, Powershell, Ruby
• Public disclosure of vulnerabilities or relevant awards / participations from Capture-The-Flags (CTF) competitions
• Experience using tools such as Nexpose/Nessus, BurpSuite, Metasploit, etc.
• Experience in API Security Opensource Security Scanning (OSS)
• Certifications such as GCPN, GPEN, CREST, OSCP, GWAPT
• Knowledge of vulnerabilities in Cloud native applications

For more information you can email Eric Okumu in our Singapore office on eric.okumu@teksystems.com quoting Job Reference Eric Okumu 534909 or alternatively, apply here to register your interest.

http://jobs.en-sg.teksystems.com/e2j8sA/snr-web-application-vulnerability-analyst-itcommunications-singapore-central-singapore-15645855

Job Reference: Eric Okumu 534909

EA Registration No.: R1324736, Eric Okumu

Allegis Group Singapore Pte Ltd, Company Reg No. 200909448N, EA License No. 10C4544