DevSecOps Application Security Engineer - Network X Program
StarHub Green
Applications have closed
StarHub
StarHub Personal - Check out our new offerings & promos. View our latest phones, broadband plans, and rewards by redeeming your points.Job Description
As a DevSecOps Application Security Engineer, you will play a critical role in integrating security practices into our development and operations processes. You will collaborate with development teams to identify vulnerabilities, implement security controls, and drive security best practices throughout the software development lifecycle.
Key Responsibilities:
- Security Integration: Integrate security into the CI/CD pipeline, ensuring security controls and best practices are embedded from the early stages of development.
- Vulnerability Assessment: Conduct regular security assessments, including static and dynamic analysis, to identify and remediate vulnerabilities in applications.
- Threat Modeling: Develop and maintain threat models to identify potential risks and security weaknesses in applications and infrastructure.
- Incident Response: Collaborate with incident response teams to address and mitigate security incidents related to applications.
- Security Policies and Procedures: Develop, document, and enforce security policies, standards, and procedures for application development and deployment.
- Collaboration: Work closely with development, operations, and security teams to ensure security requirements are met and to foster a culture of security awareness.
- Tooling and Automation: Implement and maintain security tools and automation scripts to streamline security processes and improve efficiency.
- Continuous Improvement: Stay current with emerging security threats, trends, and technologies to continually improve security practices and tools.
Qualifications
Requirements
- Tertiary education in Computing, Computer Science, or equivalent
- Min 5-6 years of experience in application security, DevSecOps, or a related field.
- Technical Skills: Proficiency with security tools and technologies such as static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA).
- Programming Knowledge: Strong understanding of programming languages such as Java, Python, or JavaScript, and familiarity with secure coding practices.
- DevSecOps Tools: Experience with CI/CD tools (e.g., Jenkins, GitLab, Azure DevOps) and infrastructure-as-code tools (e.g., Terraform, Ansible).
- Knowledge of Standards: Familiarity with security standards and frameworks such as OWASP, NIST, or ISO 27001.
- Soft Skills: Strong problem-solving skills, attention to detail, and the ability to work independently as well as part of a team.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Ansible Application security Automation Azure CI/CD Computer Science DAST DevOps DevSecOps GitLab Incident response ISO 27001 Java JavaScript Jenkins NIST OWASP Python SAST SDLC Security assessment Terraform Vulnerabilities
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.