Application and Cloud Security Engineer

ITCAN Pte Ltd| Date Posted: 30-Aug-2019
Save Job
Job Nature:
Permanent, Contract
Position Level:
Bachelor's / Honours

Job Description


The position will be part of a banking clients' Wealth Management - Global IT HUB in Singapore which is in charge of developing, integrating and supporting solutions for Wealth Management sites worldwide.

The Security Software Engineer will be working on IT transformation programs that aim to transform the way security testing is done today (earlier and more automated) and to secure our current initiative to move some applications to Cloud platforms. He/she will be in charge of:

 Integration of security into software development during design and development

 Contribution to the definition of the different types of security tests to be performed

 Supporting the development team in terms of secure development practices

 Provide security training to the development team

 Automation of security testing process, mostly in our Continuous Integration platform

 Design and adapt our Security tools/architecture/process to deal with Cloud platforms

 Analysis of IT systems architecture in terms of security and risk/threat modelling

 Performing security code reviews and penetration testing during the development sprints

 Review and assess the results of external penetration testing, and agree corrective actions

 Follow-up on change management regarding the on-going transformation on security practices


Skills & Experience:

 Bachelor’s degree in Computer Science or the equivalent. A master’s degree is a plus

 At least 2+ years of hands-on experience doing security code analysis or reviews

 At least 2+ years of hands-on experience doing penetration and vulnerabilities tests

 At least 2+ years of hands-on experience on securing Cloud infrastructure/applications

 Any certification around security: GSSP-JAVA, GWEB, ECSP, CSSLP, CEH, CES etc.



 Strong critical thinker with problem solving aptitude.

 Capacity to provide deep perspective on cyber and security threats

 Excellent written and oral communication skills

 Knowledge and experience of common security protocols (e.g. TLS, OAuth 2.0, SAML, Open ID Connect, LDAP etc.) and crypto libraries (Open SSL, JWT etc.)

 Knowledge and experience of server side security, authentication and authorizations mechanisms

 Knowledge and experience of Web security (OWASP etc.) and Javascript/SPA security

 Knowledge and experience of static code security analysis and security code reviews

 Knowledge and experience of vulnerabilities/penetration testing

 Knowledge and experience of CI/CD and DevSecOps

 Knowledge and experience of security standards/architecture related to Cloud


 Software development experience

 Project management skills, or at least good proficiency in managing tasks and priorities

 Knowledge and experience of Mobile security on Android and iOS

 Experience with hardening of middleware (Tomcat, Apache, NGINX, Mongo DB etc.)

 Experience of a secure software life cycle in a software house or large IT department

 Contributing to open source projects or participation in hacker events

 Knowledge of encryption and key management

 Knowledge of IAM and SIEM solutions


Company Overview