Application Security Engineer (3 years renewable contract)

Singapore Press Holdings Limited  

Job Description

We are looking for experienced Application Security Engineer to effectively maintain the automated source code scanning platform, to perform secure code reviews as well as support the automated penetration test delivery within the organization and also upskill the developers by training on secure coding. 

Mandatory Skill-set 

● Bachelor in Computer Science or related field required; 

● Has at least 1- years of work experience in development; 

● Has at least 3 - years of work experience in the area of application security; 

● Experienced in conducting secure code review, dynamic application security testing and 

manual security testing for both Web and Mobile applications; 

● Experience in threat modelling - able to prepare threat profile to identify, quantify and 

address security risks; 

● Familiar with CI/CD and DevOps concepts and how security testing can be integrated 

and automated as part of software delivery pipelines; 

● Familiar with secure Web Services, Web and mobile API architecture (such as REST, 


● Familiar with common web,mobile application vulnerabilities and technical knowledge to 

address and mitigate vulnerabilities; 

● Knowledge of security best practices, secure coding practice guidelines, OWASP top 10 

web and mobile; 

● Excellent communication and presentation skills. 

Desired Skill-Set 

● Knowledge of Static Application security tools like Fortify, Checkmarx, Burp suite 

professional, Qualys, Webinspect; 

● Knowledge in implementing the open source scanner tool like Sonatype, Blackduck; 

● Knowledge in Container security implementation; 

● Knowledge in Cloud Security like AWS, Google Cloud Platform; 

● Handling the Bug Bounty Program and issue tracking. 



Job Requirements


● Responsible to propose and integrate security practices and processes into software 

development to ensure the delivery of applications have vulnerabilities resolved and 


● Responsible to develop secure application development practices, standards, guidelines 

and solutions towards adopting technical best practices and uplifting the Application 

Security (AppSec) capabilities within the organization 

● Perform Application Security assessment using a combination of threat modelling, 

vulnerability research, code scanning, application security testing with recommendation 

of proper remediation actions 

● Work closely with Development for vulnerability mitigations and help in removing the 

false positive from the static and dynamic application security report 

● Work closely with DevOps Team to create tools and automation to help test and improve 

the security in the CI/CD pipeline like Jenkins, Bitrise, AWS Codebuild etc 

● Identify gaps in security and improve security protocols and procedures in application 

development processes 

● Enhance security competency in development teams implementing the secure coding 

training platform like Secure Code Warrior 

● Provide training to the development team on security standards, policies, procedures 

and best practices related to secure coding for Web and Mobile.


  • Permanent / Full Time
  • $4800 - $5500
Singapore Press Holdings Limited  
More from this company

No results found.