Mô Tả Công Việc
Role Specifics
As a Senior Security Engineer, you will -
• Be working in a fast-paced DevSecOps environment where it is paramount to control security testing into a continuous deployment/integration flow.
• Play a lead role in developing and designing application-level security controls and standards.
• Perform application security design reviews against new products and services, track and prioritize all security issues, and help build internal security tools that help fix security problems at scale.
• Perform code review and drive remediation of discovered issues.
• Enable automated security testing at scale to measure vulnerability and report on risk across all microservice, web, and mobile platforms.
• Execute security tests on servers that are spread across on-premise and public cloud data centers.
• Be a part of the global security organization, sharing security best practices and standards
Responsibilities
As part of the Security team responsible for PropertyGuru application security, you will -
• Oversee secure SDLC, application vulnerability assessments, secrets management & and application security compliance for various certifications.
• Assist software developers through source code security reviews, security testing, source code analysis or vulnerability assessments to manage SSDLC security risks using manual & and automated testing.
• Integrate application security in every aspect of CI/CD using tools and implement security gates to ensure secure and compliant code is deployed.
• Create automation scripts/tools whenever required to improve the efficiency of the security posture.
• Work closely with developers, infrastructure engineers & SOC to reproduce reported security issues and work with them to prioritize, test and remediate issues.
• Be required to monitor, respond, investigate, and report on application security events.
• Independently audit and review our key technology platforms, libraries, and security tools to propose an execution plan for security improvements.
• Work with business and technology teams in delivering security projects aligned with the security roadmap.
• Evaluate and make recommendations on new security products and advise on implementation into existing environments and external partners
• Implementing, operating and supporting security tooling, cloud security, services and patterns to support IT delivery teams.
• Assist teams in the identification and management of security risks, through technical security testing or security risk assessments.
• Support or facilitate major security incident response processes by providing technical security leadership.
• Acts as an escalation point for security issues to on-call staff
Yêu Cầu Công Việc
• 4-6 years of hands-on experience working as an application security engineer on AWS & GCP Cloud, application security tools, automated security scanning, threat modeling, secure coding, cryptography, identity management & and authentication and conducting vulnerability assessments, preferably in product companies.
• An analytical mind for problem-solving, abstract thought, and offensive security tactics.
• Experience with programming/ scripting for day-to-day security operations such as log or data analysis, tool integrations via API & security test automation.
• Full understanding of the web stack, web security, common application vulnerabilities & and mitigations.
• Experience collaborating on Software development security and Infrastructure security testing during CI/CD is necessary.
• Ability to guide and train software developers and product teams in application security & and secure software development.
• Familiarity with and ability to explain common security vulnerabilities and ways to address them.
• Strong understanding of container technologies and open-source tools • Excellent communication skills, both written and verbal, can articulate complex topics clearly and concisely.
• Knowledge of application security for ISO27001, SOC 2, NIST CSF, SOX compliance, ITGC & ISO 27701/ GDPR will be preferred.
• Basic penetration testing skills.
• You should be fluent in Vietnamese & also have a working knowledge of English.
Hình thức
Quyền Lợi
• Competitive salary depending on skills and capabilities
• 13th-month salary and performance bonuses based on the business performance
• 17 days of paid leave
• Global product with millions of new users every month
• Comfortable working conditions: Hybrid working time
• Good career growth opportunities with interesting and challenging projects English, technical, and soft skills training courses
• Additional healthcare insurance and annual health check-ups
• Light beverages and food are available all the time in the office
• Outdoor activities with company support: sports clubs, team building, happy hour parties, birthday, company trips, staff, and family events, etc