Information Technology - Cyber Security Applications Engineer

Job Description
You will be a member of the Group Information Security Team responsible for ensuring that IT solutions (both applications and infrastructure) are developed and designed with security inbuilt.
Key Responsibilities
- Provide security consultancy, technical guidance, expertise, solutioning and education for en-terprise.
- Advise application and infrastructure teams on application and infrastructure security design that is relevant and fit for purpose.
- Align security architecture frameworks and standards with business strategies and functions. Maintain Cyber risk management framework and perform assessment of applications for emerging areas like cloud security, machine learning etc.
- Advise and review application security design to detect potential security issues and for each issue, propose and drive remediation tasks. Develop application security blueprints. Propose and/or develop training courses to advance developers' security knowledge.
- Perform threat modelling on security critical applications. Keep up to date on emerging secu-rity threats and vulnerabilities on new platforms adopted by the SIA Group. Define scope and review the results of security tests, reviews and audits to ensure security assurance is achieved.
- Any relevant ad-hoc duties. Manage individual project priorities, deadlines and deliverables. This is an individual contributor role. Strong communication skills.
Requirements
- Degree in IT or related fields, with at least 5 years in information security, especially in the application security space.
- Professional security certifications (CISSP, CSSLP, CEH, CCSP etc) preferred.
- Technical proficiency in one or more of the following security areas:
network design, zero trust, Internet of Things, cryptography etc.
- Strong in-depth working knowledge in secure application development techniques. Secure by Design. Secure source code review. Prior experience with any of the following tools:
Static Application Security Testing (SAST), Dynamic Application Security (DAST), Software Compo-sition Analysis (SCA).
- Strong understanding of Agile, DevSecOps, OWASP Top 10, and securing cloud technolo-gies. Familiar with common web/mobile application vulnerabilities and technical knowledge to address and mitigate vulnerabilities.
- Knowledge of cyber security threats, vulnerabilities, hacking and exploit methods etc. Any prior vulnerability management experience preferred.
- Strong oral, written, presentation and inter-personal skills.
- Possess positive attitude with drive, initiative, enthusiasm, and a keen sense of urgency in resolving high-priority issues.
- Able to work independently and in a team-oriented, collaborative environment.