Job: Technology & Innovation
Primary Location: Singapore
Schedule: Full-time
Employee Status: Permanent
Ready to take the next step in your career with us?
To us, good performance is about much more than turning a profit. It’s about showing how you embody our valued behaviours – do the right thing, better together and never settle – as well as our brand promise, Here for good.
We’re committed to promoting equality in the workplace and creating an inclusive and flexible culture – one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities:
The successful candidate will be the part of a start-up team building an innovative platform and app leveraging on data, analytics to drive the business. This is a rare opportunity for a self-driven, strong entrepreneurial spirit, start-up minded, solid and passionate digital marketer to join and contribute to a venture.
-
Integration of security into software development during design and development
-
Contribution to the definition of the different types of security tests to be performed
-
Supporting the development team in terms of secure development practices
-
Provide security training to the development team
-
Automation of security testing process, mostly in our Continuous Integration platform
-
Design and adapt our Security tools/architecture/process to deal with Cloud platforms
-
Analysis of IT systems architecture in terms of security and risk/threat modelling
-
Performing security code reviews and penetration testing during the development sprints
-
Review and assess the results of external penetration testing, and agree corrective actions
-
Follow-up on change management regarding the on-going transformation on security practices
-
Monitor and maintain Microsoft Intune compliance and profile settings. Apply security profiles to device endpoints.
Our ideal candidate:
-
Bachelor’s degree in Computer Science or the equivalent. A master’s degree is a plus
-
At least 2+ years of hands-on experience doing security code analysis or reviews
-
At least 2+ years of hands-on experience doing penetration and vulnerabilities tests
-
At least 2+ years of hands-on experience on securing Cloud infrastructure/applications (AWS / Azure / etc. and the pipeline tools Jenkins/Codepipeline)
-
Strong critical thinker with problem solving aptitude.
-
Capacity to provide deep perspective on cyber and security threats
-
Excellent written and oral communication skills
-
Knowledge and experience of common security protocols (e.g. TLS, OAuth 2.0, SAML, Open ID Connect, LDAP etc.) and crypto libraries (Open SSL, JWT etc.)
-
Knowledge and experience of server-side security, authentication and authorizations mechanisms
-
Knowledge and experience of Web security (OWASP etc.) and JavaScript/SPA security
-
Knowledge and experience of static code security analysis and security code reviews
-
Knowledge and experience of vulnerabilities/penetration testing
-
Knowledge and experience of CI/CD and DevSecOps
-
Knowledge and experience of security standards/architecture related to Cloud
Plus
-
Software development experience
-
Project management skills, or at least good proficiency in managing tasks and priorities
-
Knowledge and experience of Mobile security on Android and iOS
-
Experience with hardening of middleware (Tomcat, Apache, NGINX, Mongo DB etc.)
-
Experience of a secure software life cycle in a software house or large IT department
-
Contributing to open-source projects or participation in hacker events
-
Knowledge of encryption and key management
-
Knowledge of IAM and SIEM solutions
-
Exposure to internal standard certifications cycles (ISO 27001, CREST)