Responsibilities

• Support in developing and designing DevSecOps metrics, policies, processes, and procedures.
• Evaluate and analyze threat, vulnerability, impact and risk of security issues discovered from various DevSecOps tools such as SAST, SCA, and DAST.
• Advise and work closely with developers, application, and project teams on the security issues, including explanation of the technical details and how they can remediate the vulnerabilities in their applications.
• Assist with implementing and designing automated security checks and additional security tools within the CI/CD pipeline.
• Conduct POCs and work with vendors for DevSecOps tools in order to achieve security automation and efficiency.
• Liaise with external vendors and oversee the resolution of incidents and technical issues.
• Effectively communicate and manage expectations of various stakeholders.
• Keep abreast of the latest industry trends in security and DevSecOps processes and make continuous recommendations for improvement.

Requirements

• Minimum 3-5 years of cyber security experience.
• Sound technical background of working with SAST, SCA, DAST and other vulnerability scanning tools.
• Prior experience in performing secure code reviews, web and mobile application penetration tests.
• Solid understanding of full DevSecOps pipeline, Agile methodology, containers, APIs and microservices.
• Capable of working with various CI/CD tools.
• Analytical thinker with excellent communication skills.
• Recognized university degree in Computer Science, Computer/Electrical Engineering, Information Technology or equivalent.
• Familiarity of MAS TRMG, PCI-DSS and other regulatory/industries requirements.
• Possesses certifications in cyber security field such as CEH, CISSP, GWAPT, OSCP, etc.
• Experience working in DevOps and cyber security roles for bank will be highly preferred.
• Good communication (spoken and written) skills, able to work independently and as a team.