Application Security Engineer at Telecom company

Company: Telecom company

Vacancy: Application Security Engineer

Location: Malaysia, Penang

What will be required:

  • Prepare test scenarios for auditing, identify defects and vulnerabilities in software products using:
      • Static code analysis (mainly Java and J2EE applications, iOS and Android mobile applications) using HPE-MicroFocus Fortify SCA;
      • Dynamic code analysis and vulnerability scanning using Burp Suite and OWASP ZAP;
      • Manual penetration testing in a test environment.
  • Develop recommendations for developers, optimize and automate the auditing process, configure SAST and DAST tools.

Our expectations from the applicant:

  • Fluent English (Upper intermediate).
  • Higher education in the IT field (required for relocation).
  • Knowledge of defect types (CWE/SANS Top 25 Most Dangerous Software Errors), vulnerabilities and risks in web and mobile applications (OWASP Top 10), as well as methods of detecting and mitigating them.
  • Over 2 years of experience in application security (pentesting, appsec, etc.).
  • Strong knowledge of programming languages (Java) and scripting languages (Python, PowerShell, Bash).

It would be a plus if you have:

  • Certifications such as OSCP, CEH, OSWE.
  • Knowledge/experience with international information security standards and personal data protection standards: ISO 27XXX, PCI DSS, GDPR, and others.
  • Knowledge/experience with information security standards and platforms: SAML, OAuth, WS-Security, X.509, JAAS, SSL/TLS, OpenSSO, OpenIAM, and others.
  • Experience in CTF or Bug Bounty programs.
  • Experience in web or mobile application development.