Information Technology - Cyber Security Applications Engineer

You will be a member of the Group Information Security Team responsible for ensuring that IT solutions (both applications and infrastructure) are developed and designed with security inbuilt.

• Provide security consultancy, technical guidance, expertise, solutioning and education for en-terprise.
• Advise application and infrastructure teams on application and infrastructure security design that is relevant and fit for purpose.
• Align security architecture frameworks and standards with business strategies and functions. Maintain Cyber risk management framework and perform assessment of applications for emerging areas like cloud security, machine learning etc.
• Advise and review application security design to detect potential security issues and for each issue, propose and drive remediation tasks. Develop application security blueprints. Propose and/or develop training courses to advance developers’ security knowledge.
• Perform threat modelling on security critical applications. Keep up to date on emerging secu-rity threats and vulnerabilities on new platforms adopted by the SIA Group. Define scope and review the results of security tests, reviews and audits to ensure security assurance is achieved.
• Any relevant ad-hoc duties. Manage individual project priorities, deadlines and deliverables. This is an individual contributor role. Strong communication skills.

• Degree in IT or related fields, with at least 5 years in information security, especially in the application security space.
• Professional security certifications (CISSP, CSSLP, CEH, CCSP etc) preferred.
• Technical proficiency in one or more of the following security areas: network design, zero trust, Internet of Things, cryptography etc.
• Strong in-depth working knowledge in secure application development techniques. Secure by Design. Secure source code review. Prior experience with any of the following tools: Static Application Security Testing (SAST), Dynamic Application Security (DAST), Software Compo-sition Analysis (SCA).
• Strong understanding of Agile, DevSecOps, OWASP Top 10, and securing cloud technolo-gies. Familiar with common web/mobile application vulnerabilities and technical knowledge to address and mitigate vulnerabilities.
• Knowledge of cyber security threats, vulnerabilities, hacking and exploit methods etc. Any prior vulnerability management experience preferred.
• Strong oral, written, presentation and inter-personal skills.
• Possess positive attitude with drive, initiative, enthusiasm, and a keen sense of urgency in resolving high-priority issues.
• Able to work independently and in a team-oriented, collaborative environment.