ITSO Application Security Consultant - Part-Time

Role: ITSO Application Security Consultant

JD:
Responsibilities and Requirements

• At least 4 years combined work experience in software development, application security and

cloud computing (e.g. AWS)

• Familiar with mobile and web application programming interfaces (API) architecture (e.g. REST,

SOAP, SSL/TLS)

• Experience in threat modelling and able to establish threat profiles for application projects to

identify, quantify and remediate application security risks

• Strong knowledge of security best practices such as OWASP Top 10, OWASP application security

verification standard

• Familiar with Agile Development process, CI/CD, DevOps concepts, tools (Gitlab, Github,

Ansible etc) and how automated security testing can be incorporated into CI/CI pipelines

• Experience on using SAST code scanning tools such as Fortify-on-Demand, Sonarqube, etc

• Track and address security vulnerabilities with timely remediation and patching processes.

• Conduct security awareness training sessions

• Good verbal/written communications, collaboration skills and experience interacting with

various stakeholders

• Strong analytical, problem-solving and troubleshooting skills, ability to work independently

• Relevant certifications preferred (eg. CISSP, OSCP, AWS security, AWS DevOps Engineer or

equivalent etc.)

• Experience in working with Government Commercial Cloud (GCC) preferred.