Vulnerability Engineer (OWASP TOP 10, CI/CD, DevOps, API, AWS)

Application Security Engineer / DevSecOps Engineer

Role Overview

Singapore Citizens only due to CAT Clearance requiremen

We are seeking an experienced security professional to drive application security initiatives across the software development lifecycle. The role focuses on threat modelling, secure development practices, vulnerability management, cloud security, and integrating security controls into modern DevOps and CI/CD environments.

Key Responsibilities

• Conduct threat modelling and security risk assessments to identify, evaluate, and mitigate application security risks.
• Implement and promote secure development practices aligned with OWASP Top 10 and OWASP Application Security Verification Standard (ASVS).
• Integrate security testing into Agile, DevOps, and CI/CD pipelines using tools such as GitLab, GitHub, and Ansible.
• Perform application security reviews and manage vulnerability remediation, patching, and risk tracking activities.
• Utilise SAST tools including Fortify-on-Demand and SonarQube to identify and address code vulnerabilities.
• Support security awareness initiatives and provide guidance to development and project teams.
• Collaborate with stakeholders across development, infrastructure, and security teams to strengthen application security posture.

Requirements

• Singapore Citizens only due to CAT Clearance requirement
• Minimum 4 years of experience across software development, application security, and cloud computing (AWS).
• Strong understanding of REST, SOAP, SSL/TLS, and web/mobile application architectures.
• Experience with threat modelling, vulnerability management, and secure SDLC practices.
• Familiarity with Agile, DevOps, CI/CD, and security automation.
• Strong analytical, troubleshooting, and problem-solving skills.
• Excellent communication and stakeholder management capabilities.

Preferred Skills

• Experience with Government Commercial Cloud (GCC).
• Certifications such as CISSP, OSCP, AWS Security, AWS DevOps Engineer, or equivalent.

Key Technologies

AWS, GCC, REST, SOAP, SSL/TLS, GitLab, GitHub, Ansible, Fortify-on-Demand, SonarQube, OWASP Top 10, OWASP ASVS, CI/CD, DevOps, Agile.