IT Security Engineer

Job Summary:

The Application Security Consultants is responsible for auditing and validating the security posture of applications and their supporting infrastructure. This role focuses on reviewing security activities performed by development teams, including static and dynamic code analysis, infrastructure scans, and hardening practices. The analyst ensures that applications meet internal security standards and comply with regulatory requirements.

Key Responsibilities:

·      Review and validate results from SAST (Static Application Security Testing) and DAST( Dynamic Application Security Testing) tools.

·      Audit OS, container, and database scans for vulnerabilities and misconfigurations looking at reports a

·      Assess the effectiveness of hardening measures across application components (e.g., webservers, APIs, containers, databases).

·      Collaborate with application development and DevSecOps teams to ensure remediation of identified issues.

·      Maintain audit documentation, including findings, remediation tracking, and compliance status.

·      Evaluate adherence to secure coding practices and application security policies.

·      Support internal security audits related to application & underlying infrastructure security.

·      Stay updated on emerging threats, vulnerabilities, and secure development trends.

Required Qualifications:

·      Bachelor’s degree in computer science, Cybersecurity, or related field.

·      4+ years of experience in application security, security auditing, or secure software development.

·      Hands-on experience on one or more tools like SonarQube, Fortify SAST/DAST, Burp Suite,OWASP ZAP etc.

·      Strong understanding of OWASP Top 10, secure coding principles, and CI/CD pipelines.

·      Familiarity with container technologies (e.g., Docker, Kubernetes) and cloud platforms (e.g., AWS, Azure, GCP).

Certifications:

·      CRESTCertified Pen Tester

·      CISSP or CCSP 

·      Preferred Certified AWS DevSecOps Professional or equivalent

Key Competencies:

·      Analytical mindset with attention to detail

·      Ability to interpret scan results and prioritize remediation

·      Strong communication and collaboration skills

·      Knowledge of regulatory frameworks (e.g., ISO 27001, PCI-DSS, GDPR)

·      Experience working in Agile and DevOps environments'

Interested applicants please send your resume in MS Wordsformat to [email protected] andattention to Pooja (R1551322)

Short listed candidates will be notified

www.ambition.com.sg

EA Registration Number: R1551322

Data provided is for recruitment purposes only

Business Registration Number: 200611680D.

License Number: 10C5117