Company: Telecom company

Vacancy: Application Security Engineer

Location: Malaysia, Penang

What will be required:

• Prepare test scenarios for auditing, identify defects and vulnerabilities in software products using:
• Static code analysis (mainly Java and J2EE applications, iOS and Android mobile applications) using HPE-MicroFocus Fortify SCA;
• Dynamic code analysis and vulnerability scanning using Burp Suite and OWASP ZAP;
• Manual penetration testing in a test environment.
• Develop recommendations for developers, optimize and automate the auditing process, configure SAST and DAST tools.

Our expectations from the applicant:

• Fluent English (Upper intermediate).
• Higher education in the IT field (required for relocation).
• Knowledge of defect types (CWE/SANS Top 25 Most Dangerous Software Errors), vulnerabilities and risks in web and mobile applications (OWASP Top 10), as well as methods of detecting and mitigating them.
• Over 2 years of experience in application security (pentesting, appsec, etc.).
• Strong knowledge of programming languages (Java) and scripting languages (Python, PowerShell, Bash).

It would be a plus if you have:

• Certifications such as OSCP, CEH, OSWE.
• Knowledge/experience with international information security standards and personal data protection standards: ISO 27XXX, PCI DSS, GDPR, and others.
• Knowledge/experience with information security standards and platforms: SAML, OAuth, WS-Security, X.509, SAML, JAAS, SSL/TLS, OpenSSO, OpenIAM, and others.
• Experience in CTF or Bug Bounty programs.
• Experience in web or mobile application development.