SPECIALIST/SENIOR SPECIALIST (MANAGED SERVICES) [Job Code 1911287P]

Responsibilities:

  • Perform application and infrastructure penetration tests for customers
  • Conducting application security assessments and penetration tests (web, mobile, web service, etc.). Assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing and/or code review tools i.e. Burp Suite Professional, HP Fortify or Checkmarx
  • Writing a formal security assessment report for each application, using our company’s standard reporting format
  • Participating in conference calls or on client’s site with potential client to scope out newly requested security projects and estimate the amount of time required to complete the project and current clients to review assessment results and consult with the clients on remediation options
  • Retesting security vulnerabilities and republishing reports to indicate the retesting results
  • Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS)
  • Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets
  • Report and present on findings

Requirements:

  • Degree in Computer Engineering, Computer Science, Information Systems, Digital Forensics or equivalent qualifications
  • Minimum 2 years’ of relevant work experience in IT security implementation and operations
  • Possession of professional certifications such as CISSP, CISA, CISM will be an added advantage
  • Experience with various security tools and products (Fortify, AppScan, Nessus etc)
  • Several years of experience developing web and/or mobile applications, preferably hard-core financial, e-commerce, or business applications that face the Internet required
  • Knowledge of the HTTP protocol and how it works
  • Experience performing application security testing using manual techniques plus runtime vulnerability testing tools and/or code review tools
  • Experience with network/infrastructure-level penetration testing (preferred)
  • Understanding of cryptography principles
  • Good interpersonal skills and a team player
  • Strong presentation and writing skills
  • Only Singapore citizens need to apply
 
EA Licence No: 22C1055
EA Personnel Registration No: R1108178