DBS Bank

AVP/Sr. Assoc, Security Engineer (Application Development), Information Security Services, Group Technology

Business | Singapore - East | Full-time | 3 weeks ago

About the role

AI summarised

This is a senior-level security engineer role at a bank, focusing on application development security within the Information Security Services team. The role involves integrating security into the software development lifecycle, conducting security reviews, and advising development teams on secure coding practices.

Business | Full-time | General

Key Responsibilities

  • Integrate security into the software development lifecycle (SDLC) by providing security requirements, design reviews, and threat modeling.
  • Conduct security assessments of applications, APIs, and microservices to identify vulnerabilities and recommend remediation.
  • Develop and maintain security testing tools and automation scripts to enhance security testing efficiency.
  • Collaborate with development teams to implement secure coding practices and DevSecOps pipelines.
  • Perform security architecture reviews and provide guidance on security controls for cloud and containerized environments.
  • Stay current with emerging security threats, vulnerabilities, and industry best practices.
  • Assist in the development of security policies, standards, and guidelines for application security.
  • Support incident response activities related to application security incidents.

Requirements

  • Bachelor's degree in Computer Science, Information Security, Information Technology, or a related field.
  • At least 5 years of experience in application security, secure coding, or security engineering.
  • Strong understanding of web application security, OWASP Top 10, and common vulnerabilities.
  • Experience with threat modeling methodologies and tools.
  • Proficiency in one or more programming languages such as Python, Java, JavaScript, or Go.
  • Hands-on experience with security testing tools (SAST, DAST, IAST, RASP).
  • Knowledge of cloud security principles and experience with AWS, Azure, or GCP.
  • Familiarity with container security and orchestration tools like Docker and Kubernetes.
  • Understanding of authentication and authorization protocols (OAuth, SAML, OpenID Connect).
  • Excellent communication and interpersonal skills, with the ability to work effectively in a team.
  • Relevant security certifications such as CISSP, CSSLP, CEH, or OSCP are preferred.