IT Application Security Analyst (Direct contract with client, Application security, Pen-testing, Central) #IRT
RECRUIT EXPRESS PTE LTD
Job Title: IT Application Security Analyst (Direct contract with client, Application security, Pen-testing, Central)
Job Responsibilities
Policy & Procedures
Engage with relevant stakeholders to establish and review corporate policies and procedures governing the secure development of applications.Security Architecture & Design
Participate in "Shift Left" initiatives by performing threat modeling and architectural risk assessments during the design phase.Vulnerability Management
Conduct regular security scans, including SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing) and SCA (Software Composition Analysis). Prioritize and triage scan results for development teams.Code Review
Perform manual secure code reviews to identify logic flaws and vulnerabilities, including those outlined in the OWASP Top 10, that automated tools may miss.DevSecOps Integration
Assist in automating security checkpoints within CI/CD pipelines, such as: Jenkins, GitLab CI, GitHub ActionsRemediation Guidance
Act as a security consultant to developers by providing clear, actionable remediation advice and code examples to address identified security gaps.Training & Advocacy
Lead Security Champion programs.Conduct secure coding workshops to foster a security-first culture across development teams.
- Education: Bachelor’s degree in computer science, Cybersecurity, or a related technical field (or equivalent experience).
- Experience in application security, penetration testing, or secure software development.
Technical Skills
- Proficiency in at least one major language (e.g., Java, Python, JavaScript, or C#).
- Deep understanding of web application vulnerabilities (SQLi, XSS, CSRF, SSRF).
- Experience with security tools like Burp Suite, Checkmarx, Snyk, or Veracode.
- Familiarity with container security (Docker/Kubernetes) and Cloud environments (AWS/Azure/GCP).
- Certifications (Preferred): CSSLP, GWEB, CASE, or OSCP.
Core Competencies
- Analytical Thinking: Ability to think like an attacker to foresee potential bypasses in application logic.
- Communication: Exceptional ability to translate complex security risks into business impact for non-technical stakeholders.
- Collaboration: A "builder" mindset—focused on enabling developers to work fast and securely, rather than just acting as a gatekeeper.
Interested applicants please send your resume to ***email_hidden*** and look for:
Rita Shi Tianhe
Recruit Express Pte Ltd
EA License No: 99C4599
EA Registration Number: R26162019
We regret that only shortlisted candidates will be contacted