Responsibilities
- Support the development and design of DevSecOps metrics, policies, processes, and procedures.
- Evaluate and analyze the threat, vulnerability, impact and risk of security issues discovered by various DevSecOps tools such as SAST, SCA, and DAST.
- Advise and work closely with developers, application, and project teams on security issues, including explaining the technical details and how they can remediate the vulnerabilities in their applications.
- Assist with implementing and designing automated security checks and additional security tools within the CI/CD pipeline.
- Conduct POCs and work with vendors for DevSecOps tools in order to achieve security automation and efficiency.
- Liaise with external vendors and oversee the resolution of incidents and technical issues.
- Effectively communicate and manage expectations of various stakeholders.
- Keep abreast of the latest industry trends in security and DevSecOps processes and make continuous recommendations for improvement.
Requirements
- Minimum 3-5 years of cyber security experience.
- Sound technical background in working with SAST, SCA, DAST and other vulnerability scanning tools.
- Prior experience in performing secure code reviews, web and mobile application penetration tests.
- Solid understanding of the full DevSecOps pipeline, Agile methodology, containers, APIs and microservices.
- Capable of working with various CI/CD tools.
- Analytical thinker with excellent communication skills.
- Recognized university degree in Computer Science, Computer/Electrical Engineering, Information Technology or equivalent.
- Familiarity with MAS TRMG, PCI-DSS and other regulatory/industry requirements.
- Possesses certifications in the cyber security field such as CEH, CISSP, GWAPT, OSCP, etc.
- Experience working in DevOps and cyber security roles for a bank will be highly preferred.
- Good communication (spoken and written) skills; able to work independently and as part of a team.