Application Security Tester, Technology Information Security Office
Job Description - Perform application penetration testing on web based application and thick-client application
- Perform mobile application penetration testing across different mobile platforms
- Perform network penetration testing on systems
- Exploit vulnerabilities to gain access, and expand access to remote systems
- Document technical issues and recommend mitigation controls identified during security assessments
- Research cutting edge security topics and new attack vendors
- Conduct compliance testing on web based application, mobile applications and thick/thin-client application that meet predetermined Technology Security Standards and other regulatory requirements such as MAS TRMG
- Conduct secure code review and design review of applications
*LI-VW
Qualifications Requirements - Minimum 3 years of hands on penetration testing experience for web applications, thick/thin clients and mobile applications
- Experience conducting Secure Code Review/Design Review
- Degree in computer degree/computer engineering/information security or equivalent
- A working knowledge of all aspects of information security is essential
- Familiarity of MAS TRMG, PCI-DSS and other regulatory/industries requirements
- Good communication (spoken and written) skills, able to work independently and as a team
- Certified Ethical Hacker, GWAPT, GMOB, CCT-Web preferred
- Hands on experience in using tools such as Burp, Nessus, Nexpose, Web Inspect, Fortify and other penetration testing and secure code review tools
- Experience in conducting penetration testing for Banks in Singapore will be highly preferred
- Experience in conducting penetration testing for AS400 and legacy mainframe systems will be an advantage
