Cloud and Application Security Engineer Cloud and Application Security Engineer …

Keyteo Consulting
in Singapore, Singapore, Singapore
Permanent, Full time
Be the first to apply
Keyteo Consulting
in Singapore, Singapore, Singapore
Permanent, Full time
Be the first to apply
KEYTEO is an international and independent group, which grows in a cooperative spirit. Being determined to evolve through an open communication, our employees are directly involved in the center of our projects.

Job Description - Cloud and Application Security Engineer

The Security Software Engineer will be working on IT transformation programs that aim to transform the way security testing is done today (earlier and more automated) and to secure our current initiative to move some applications to Cloud platforms. 

He/she will be in charge of:
 Integration of security into software development during design and development
 Contribution to the definition of the different types of security tests to be performed
 Supporting the development team in terms of secure development practices
 Provide security training to the development team
 Automation of security testing process, mostly in our Continuous Integration platform
 Design and adapt our Security tools/architecture/process to deal with Cloud platforms
 Analysis of IT systems architecture in terms of security and risk/threat modelling
 Performing security code reviews and penetration testing during the development sprints
 Review and assess the results of external penetration testing, and agree corrective actions
 Follow-up on change management regarding the on-going transformation on security practices

Skills & Experience:
 Bachelor’s degree in Computer Science or the equivalent. A master’ s degree is a plus
 At least 2+ years of hands-on experience doing security code analysis or reviews
 At least 2+ years of hands-on experience doing penetration and vulnerabilities tests
 At least 2+ years of hands-on experience on securing Cloud infrastructure/applications
 Any certification around security: GSSP-JAVA, GWEB, ECSP, CSSLP, CEH, CES etc.

 Strong critical thinker with problem solving aptitude.
 Capacity to provide deep perspective on cyber and security threats
 Excellent written and oral communication skills
 Knowledge and experience of common security protocols (e.g. TLS, OAuth 2.0, SAML, Open ID
Connect, LDAP etc.) and crypto libraries (Open SSL, JWT etc.)
 Knowledge and experience of server side security, authentication and authorizations mechanisms
 Knowledge and experience of Web security (OWASP etc.) and Javascript/SPA security
 Knowledge and experience of static code security analysis and security code reviews
 Knowledge and experience of vulnerabilities/penetration testing
 Knowledge and experience of CI/CD and DevSecOps
 Knowledge and experience of security standards/architecture related to Cloud

 Software development experience
 Project management skills, or at least good proficiency in managing tasks and priorities
 Knowledge and experience of Mobile security on Android and iOS
 Experience with hardening of middleware (Tomcat, Apache, NGINX, Mongo DB etc.)
 Experience of a secure software life cycle in a software house or large IT department
 Contributing to open source projects or participation in hacker events
 Knowledge of encryption and key management
 Knowledge of IAM and SIEM solutions