Application Security Engineer

Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade, ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services, authentication services, governance and assurance services as well as managed processes. In a dynamic digital and cyber landscape, where trust & collaboration are key, ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech, government agencies and commercial partners to mitigate cyber risks and bolster security postures.

Responsibilities:

• Own and perform the cyber assurance function for internally developed products.
• Conduct lightweight penetration testing and code review to identify security flaws early.
• Validate vulnerabilities and risk scenarios in collaboration with the Infrastructure Security Specialist (Cloud & Hybrid) before formal penetration testing.
• Analyze third-party penetration test results, verify findings, and provide technical recommendations to resolve them.
• Work with development teams to ensure secure design, implementation, and remediation.
• Conduct threat modeling and help refine the security posture of APIs and web-facing applications.
• Contribute to the SDLC security process, promoting secure coding and early detection of bugs.

Requirements

• Solid understanding of web and API security principles (OWASP Top 10, API Security Top 10).
• Familiarity with modern application architectures, especially around authentication, authorization, and session management.
• Ability to read and understand code (e.g. Python, Java, JavaScript, or similar).
• Comfortable using tools like Burp Suite, OWASP ZAP, Postman, and proxy debuggers.
• Understands threat modeling, business logic vulnerabilities, and risk prioritization.
• Knowledge of CI/CD security practices (SAST/DAST integrations, open-source dependency scanning).
• Strong communicator – able to translate technical vulnerabilities into clear risk narratives.
• Hands-on experience in cloud environments (AWS, Azure) and understanding of hybrid architecture security.
• Experience with automated security testing frameworks or writing custom scripts for security tooling.
• Familiarity with DevSecOps principles and securing containers/microservices.
• Security certifications such as OSCP, GWAPT, GPEN, or equivalent

Join us and discover a meaningful and exciting career with Assurity Trusted Solutions!

The remuneration package will commensurate with your qualifications and experience. Interested applicants, please click "Apply Now".

We thank you for your interest and please note that only shortlisted candidates will be notified.

By submitting your application, you agree that your personal data may be collected, used and disclosed by Assurity Trusted Solutions Pte. Ltd. (ATS), GovTech and their service providers and agents in accordance with ATS’s privacy statement which can be found at: https://www.assurity.sg/privacy.html or such other successor site.

Benefits

• A wholly-owned subsidiary of GovTech.
• We promote a learning culture and encourage you to grow and learn.