Development Security Operations

Job: Technology & Innovation

Primary Location: Singapore

Schedule: Full-time

Employee Status: Permanent

 

Ready to take the next step in your career with us?

 

To us, good performance is about much more than turning a profit. It’s about showing how you embody our valued behaviours – do the right thing, better together and never settle – as well as our brand promise, Here for good.

 

We’re committed to promoting equality in the workplace and creating an inclusive and flexible culture – one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

 

The Role Responsibilities:

The successful candidate will be part of a start-up team building an innovative platform and app that leverage data and analytics to drive the business. This is a rare opportunity for a self-driven, start-up-minded, solid and passionate digital marketer with a strong entrepreneurial spirit to join and contribute to a venture.

  • Integration of security into software development during design and development

  • Contribution to the definition of the different types of security tests to be performed

  • Supporting the development team in terms of secure development practices

  • Provide security training to the development team

  • Automation of security testing process, mostly in our Continuous Integration platform

  • Design and adapt our Security tools/architecture/process to deal with Cloud platforms

  • Analysis of IT systems architecture in terms of security and risk/threat modelling

  • Performing security code reviews and penetration testing during the development sprints

  • Review and assess the results of external penetration testing, and agree corrective actions

  • Follow up on change management regarding the ongoing transformation of security practices

  • Monitor and maintain Microsoft Intune compliance and profile settings. Apply security profiles to device endpoints.

 

Our ideal candidate:

  • Bachelor’s degree in Computer Science or the equivalent. A master’s degree is a plus

  • At least 2 years of hands-on experience doing security code analysis or reviews

  • At least 2 years of hands-on experience doing penetration and vulnerability testing

  • At least 2 years of hands-on experience securing Cloud infrastructure/applications (AWS, Azure, etc.) and pipeline tools (Jenkins, CodePipeline)

  • Strong critical thinker with problem solving aptitude.

  • Capacity to provide deep perspective on cyber and security threats

  • Excellent written and oral communication skills

  • Knowledge and experience of common security protocols (e.g. TLS, OAuth 2.0, SAML, OpenID Connect, LDAP etc.) and crypto libraries (OpenSSL, JWT etc.)

  • Knowledge and experience of server-side security, authentication and authorization mechanisms

  • Knowledge and experience of Web security (OWASP etc.) and JavaScript/SPA security

  • Knowledge and experience of static code security analysis and security code reviews

  • Knowledge and experience of vulnerability/penetration testing

  • Knowledge and experience of CI/CD and DevSecOps

  • Knowledge and experience of security standards/architecture related to Cloud

 

Plus

  • Software development experience

  • Project management skills, or at least good proficiency in managing tasks and priorities

  • Knowledge and experience of Mobile security on Android and iOS

  • Experience with hardening of middleware (Tomcat, Apache, NGINX, MongoDB etc.)

  • Experience of a secure software life cycle in a software house or large IT department

  • Contributing to open-source projects or participation in hacker events

  • Knowledge of encryption and key management

  • Knowledge of IAM and SIEM solutions

  • Exposure to internal standard certification cycles (ISO 27001, CREST)

Interested applicants, please forward your CV to HR@cardspal.com