JOB OVERVIEW:
The Application Development Security Senior Analyst is a critical bridge between the Cybersecurity and Software Engineering teams. You will ensure that security is not an afterthought but a foundational component of the Software Development Life Cycle (SDLC). Guided by Company's Secure Software Development Framework (SSDF), your mission is to find, fix, and prevent vulnerabilities in our proprietary software before they can be exploited.
DUTIES AND RESPONSIBILITIES:
● Policy & Procedures: Engage with the relevant stakeholders to establish and review corporate policy and procedures governing the secure development of applications.
● Security Architecture & Design: Participate in "Shift Left" initiatives by performing threat modeling and architectural risk assessments during the design phase.
● Vulnerability Management: Conduct regular SAST (Static), DAST (Dynamic), and SCA (Software Composition Analysis) scanning. Prioritize and triage results for development teams.
● Code Review: Perform manual secure code reviews to identify logic flaws and vulnerabilities (OWASP Top 10) that automated tools might miss.
● DevSecOps Integration: Assist in automating security checkpoints within CI/CD pipelines (e.g., Jenkins, GitLab CI, GitHub Actions).
● Remediation Guidance: Act as a consultant to developers, providing clear, actionable advice and code snippets to fix identified security gaps.
● Training & Advocacy: Lead "Security Champion" programs and conduct secure coding workshops to foster a security-first culture.
QUALIFICATIONS AND EXPERIENCES:
● Education: Bachelor’s degree in Computer Science, Cybersecurity, or a related technical field (or equivalent experience).
● Experience: 3+ years in application security, penetration testing, or secure software development.
● Technical Skills:
- Proficiency in at least one major language (e.g., Java, Python, JavaScript, or C#).
- Deep understanding of web application vulnerabilities (SQLi, XSS, CSRF, SSRF).
- Experience with security tools like Burp Suite, Checkmarx, Snyk, or Veracode.
- Familiarity with container security (Docker/Kubernetes) and Cloud environments (AWS/Azure/GCP).
● Certifications (Preferred): CSSLP, GWEB, CASE, or OSCP.
● Core Competencies:
- Analytical Thinking: Ability to think like an attacker to foresee potential bypasses in application logic.
- Communication: Exceptional ability to translate complex security risks into business impact for non-technical stakeholders.
- Collaboration: A "builder" mindset—focused on enabling developers to work fast and securely, rather than just acting as a gatekeeper.
FLINTEX CONSULTING PTE. LTD.
About us Flintex Consulting is a Singapore based specialist IT Recruitment consultancy that assists IT Professionals to develop their careers in Singapore. Well established in Singapore Technology market, Flintex Consulting is dynamic and innovative. The services that we provide are constantly evol...
Read more about the companyCopyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.