Deskripsi Pekerjaan
Are you passionate about safeguarding critical financial infrastructure? The Monetary Authority of Singapore (MAS) is seeking a skilled Application Security Engineer to join our dynamic team. In this Contract position based in our Central Business District (CBD) office, you will play a pivotal role in ensuring the resilience and security of our digital ecosystem. You will work closely with development teams to integrate security best practices into the Software Development Life Cycle (SDLC), perform rigorous vulnerability assessments, and drive the adoption of DevSecOps methodologies. Your expertise will help us proactively identify and mitigate security risks, ensuring compliance with industry standards and MAS regulations.
We are looking for a detail-oriented professional who thrives in a fast-paced environment and is committed to building secure, scalable applications.
Tanggung Jawab
- Conduct comprehensive application security assessments and penetration testing against web and mobile applications.
- Design and implement robust security controls and protocols within application architectures and microservices.
- Perform threat modeling and code reviews to identify potential vulnerabilities early in the development process.
- Collaborate with engineering teams to integrate automated security testing into CI/CD pipelines.
- Manage and remediate vulnerabilities using industry-standard tools, frameworks, and frameworks such as OWASP.
- Conduct security awareness training and workshops for development staff to foster a security-first culture.
- Monitor security trends and advise on the implementation of new security technologies.
Kualifikasi
- Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or a related field.
- Proven experience in application security, with a strong understanding of web application vulnerabilities (e.g., OWASP Top 10).
- Experience with security frameworks such as NIST, ISO 27001, or MAS guidelines is highly desirable.
- Proficiency in scripting languages (e.g., Python, Bash) and familiarity with Java or .NET development.
- Certifications such as CISSP, CEH, OSCP, or CISA are a plus.
- Strong analytical and problem-solving skills with a keen eye for detail.
- Excellent communication skills to effectively articulate security risks to technical and non-technical stakeholders.