Application Security Engineer at Telecom company
Company: Telecom company
Vacancy: Application Security Engineer
Location: Malaysia, Penang
What will be required:
- Prepare test scenarios for auditing, identify defects and vulnerabilities in software products using:
  - Static code analysis (mainly Java and J2EE applications, iOS and Android mobile applications) using HPE-MicroFocus Fortify SCA;
  - Dynamic code analysis and vulnerability scanning using Burp Suite and OWASP ZAP;
  - Manual penetration testing in a test environment.
- Develop recommendations for developers, optimize and automate the auditing process, configure SAST and DAST tools.
Our expectations from the applicant:
- Fluent English (Upper intermediate).
- Higher education in the IT field (required for relocation).
- Knowledge of defect types (CWE/SANS Top 25 Most Dangerous Software Errors), vulnerabilities and risks in web and mobile applications (OWASP Top 10), as well as methods of detecting and mitigating them.
- Over 2 years of experience in application security (pentesting, appsec, etc.).
- Strong knowledge of programming languages (Java) and scripting languages (Python, PowerShell, Bash).
It would be a plus if you have:
- Certifications such as OSCP, CEH, OSWE.
- Knowledge/experience with international information security standards and personal data protection standards: ISO 27XXX, PCI DSS, GDPR, and others.
- Knowledge/experience with information security standards and platforms: SAML, OAuth, WS-Security, X.509, JAAS, SSL/TLS, OpenSSO, OpenIAM, and others.
- Experience in CTF or Bug Bounty programs.
- Experience in web or mobile application development.