VP/AVP, Senior Application Security Specialist, Investment & Trading Tech, Technology & Operations

  • Competitive
  • Singapore
  • Permanent, Full time
  • DBS Bank Limited
  • 26 Jun 17


Business Function

Group Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and aspire to delight our business partners through our multiple banking delivery channels.

Job Purpose


To effectively mitigate Open Source Software (OSS) security risk and act as an SME in the greater context of defensive application security, including Static, Dynamic & Interactive Application Testing.

Responsibilities

  • Support the ITSS Security Test Lead in driving the transformation of application security (SCA, SAST & DAST) across the bank to achieve the desired business outcomes.
  • Lead the implementation and technical support of SAST & DAST tools (such as HP Fortify) & SCA tools (such as Black Duck, Sonatype, etc.)
  • Lead the on-boarding of application teams to the SCA, SAST and DAST platforms
  • Provide expert advice to project teams on application security (including risks associated with the use of Open Source Software components) so as to reduce the number of vulnerabilities detected in independent security assessment.


Requirements
  • Minimum 6 years of working experience
  • Excellent problem-solving skills
  • Excellent communication skills
  • AppSec certified (CISSP, CSSLP, CEH)
  • Deep understanding of application security across the SDLC
  • More than 6 years in an application security capacity
  • Deep understanding of SCA
  • Good knowledge and hands-on experience with HP Fortify
  • At least 1 year of experience with penetration testing
  • Experience with WebInspect is an advantage
  • Experience with IAST is an advantage
  • Experience with SCA tools like Black Duck, Sonatype, WhiteSource is an advantage
  • Deep understanding of how to mitigate Open Source Software risk
  • SAST and DAST experience
  • IAST experience


We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements.