IT Application Security Analyst (Direct contract with client, Application security, Pen-testing, Central) #IRT

RECRUIT EXPRESS PTE LTD

Job Title: IT Application Security Analyst (Direct contract with client, Application security, Pen-testing, Central)

Job Responsibilities

  • Policy & Procedures

    Engage with relevant stakeholders to establish and review corporate policies and procedures governing the secure development of applications.
  • Security Architecture & Design

    Participate in "Shift Left" initiatives by performing threat modeling and architectural risk assessments during the design phase.
  • Vulnerability Management

    Conduct regular security scans, including SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing) and SCA (Software Composition Analysis). Prioritize and triage scan results for development teams.
  • Code Review

    Perform manual secure code reviews to identify logic flaws and vulnerabilities, including those outlined in the OWASP Top 10, that automated tools may miss.
  • DevSecOps Integration

    Assist in automating security checkpoints within CI/CD pipelines, such as: Jenkins, GitLab CI, GitHub Actions
  • Remediation Guidance

    Act as a security consultant to developers by providing clear, actionable remediation advice and code examples to address identified security gaps.
  • Training & Advocacy

    Lead Security Champion programs.Conduct secure coding workshops to foster a security-first culture across development teams.
  • Education: Bachelor’s degree in computer science, Cybersecurity, or a related technical field (or equivalent experience).
  • Experience in application security, penetration testing, or secure software development.

Technical Skills

  • Proficiency in at least one major language (e.g., Java, Python, JavaScript, or C#).
  • Deep understanding of web application vulnerabilities (SQLi, XSS, CSRF, SSRF).
  • Experience with security tools like Burp Suite, Checkmarx, Snyk, or Veracode.
  • Familiarity with container security (Docker/Kubernetes) and Cloud environments (AWS/Azure/GCP).
  • Certifications (Preferred): CSSLP, GWEB, CASE, or OSCP.

Core Competencies

  • Analytical Thinking: Ability to think like an attacker to foresee potential bypasses in application logic.
  • Communication: Exceptional ability to translate complex security risks into business impact for non-technical stakeholders.
  • Collaboration: A "builder" mindset—focused on enabling developers to work fast and securely, rather than just acting as a gatekeeper.

Interested applicants please send your resume to ***email_hidden*** and look for:

Rita Shi Tianhe

Recruit Express Pte Ltd

EA License No: 99C4599

EA Registration Number: R26162019

We regret that only shortlisted candidates will be contacted