jobs in Astek

全职 Security Engineer 工作, 薪水, Astek 公司招聘中 - Ricebowl

Security Engineer

Astek

Undisclosed

全职

Singapore

分享
保存

工作地点

  • Singapore

职位描述

岗位职责

Application Security Engineer / DevSecOps Engineer

Role Overview

We are seeking an experienced security professional to drive application security initiatives across the software development lifecycle. The role focuses on threat modelling, secure development practices, vulnerability management, cloud security, and integrating security controls into modern DevOps and CI/CD environments.


Singapore Citizens only due to CAT Clearance requirement


Key Responsibilities

  • Conduct threat modelling and security risk assessments to identify, evaluate, and mitigate application security risks.
  • Implement and promote secure development practices aligned with OWASP Top 10 and OWASP Application Security Verification Standard (ASVS).
  • Integrate security testing into Agile, DevOps, and CI/CD pipelines using tools such as GitLab, GitHub, and Ansible.
  • Perform application security reviews and manage vulnerability remediation, patching, and risk tracking activities.
  • Utilise SAST tools including Fortify-on-Demand and SonarQube to identify and address code vulnerabilities.
  • Support security awareness initiatives and provide guidance to development and project teams.
  • Collaborate with stakeholders across development, infrastructure, and security teams to strengthen application security posture.


Requirements

  • Singapore Citizens only due to CAT Clearance requirement
  • Minimum 4 years of experience across software development, application security, and cloud computing (AWS).
  • Strong understanding of REST, SOAP, SSL/TLS, and web/mobile application architectures.
  • Experience with threat modelling, vulnerability management, and secure SDLC practices.
  • Familiarity with Agile, DevOps, CI/CD, and security automation.
  • Strong analytical, troubleshooting, and problem-solving skills.
  • Excellent communication and stakeholder management capabilities.


Preferred Skills

  • Experience with Government Commercial Cloud (GCC).
  • Certifications such as CISSP, OSCP, AWS Security, AWS DevOps Engineer, or equivalent.


Key Technologies

AWS, GCC, REST, SOAP, SSL/TLS, GitLab, GitHub, Ansible, Fortify-on-Demand, SonarQube, OWASP Top 10, OWASP ASVS, CI/CD, DevOps, Agile.

重要安全守则

申请工作时,切勿提供您的银行或信用卡详细资料。不要转账或完成无关的在线调查问卷。如果您发现可疑内容,请举报此招聘广告。

了解更多