Snr Assoc, Application Security Engineer, Information Security Services, Group Technology
DBS Bank
Business Function
Group Technology enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group Technology, we manage the majority of the Bank's processes and inspire to delight our business partners through our multiple banking delivery channels.
Team Overview
At DBS Bank, we believe that being the Best Bank for a Better World means also being the Safest Bank in the Digital Age. Our cybersecurity vision is built on proactive defense, strong observability, and continuous resilience — empowered by a diverse team of skilled defenders and innovators.
As part of the Group Technology organization, you will be working at the heart of DBS’s digital transformation, safeguarding millions of customers and complex financial ecosystems. The Application Security Team plays a critical role in integrating security practices throughout the software development lifecycle (SDLC), ensuring that applications are designed, developed, and deployed with robust security controls. We emphasize continuous learning, technical depth, and collaboration to stay ahead of evolving application-centric cyber threats.
Role Overview
We are looking for an experienced and proactive Application Security Engineer to strengthen our Application Security Team in defending against advanced and emerging threats targeting our software applications. This role combines analytical depth, technical expertise in secure development, and creative problem-solving to identify, assess, and mitigate security vulnerabilities across the application landscape. A key focus will be on embedding security early in the SDLC, driving automation of security processes, and leveraging technologies like Python and Generative AI to enhance our application security posture. Candidates with experience in financial institutions and familiarity with regulatory landscapes are strongly preferred.
Key Responsibilities
- Provide advisory on application security tools and processes, including but not limited to SAST, DAST, IAST, SCA and secure coding guidelines.
- Drive the integration of security activities into the Software Development Life Cycle (SDLC), promoting secure design principles, secure coding practices, and security testing methodologies.
- Participate and execute vulnerability analysis and root cause investigations for identified security findings.
- Develop and implement automation scripts and tools using Python/Go to streamline application security processes, such as vulnerability scanning orchestration, security control validation, and security metric reporting.
- Explore and pilot the use of Generative AI tools and techniques to enhance security testing, code analysis, threat modeling, and vulnerability remediation efforts.
- Contribute to the continuous improvement of the secure SDLC framework, security standards, and application security policies.
- Contribute to the training and education of developers on secure coding practices and application security best practices. Stay up-to-date with the latest security trends, technologies, and industry developments to recommend and implement innovative solutions
Required Skills and Experience
- Bachelor's or master's degree in computer science, Information Technology, or a related field.
- Minimum 5 years of experience in a cybersecurity engineering, information security, or software development role, with a strong focus on secure software development practices, preferably in the financial services industry.
- Deep technical understanding of common application security vulnerabilities (e.g., OWASP Top 10), attack vectors, and mitigation strategies.
- Strong experience with secure coding principles and security best practices for various programming languages and frameworks.
- Proficiency in utilizing and interpreting results from application security testing tools (SAST, DAST, IAST) and manual penetration testing techniques.
- Experience applying DevSecOps principles including CI/CD, configuration, and infrastructure (Unix/Linux) as code, and auto-remediation.
- Practical development experience with Python and one or more languages such as Java and/or JavaScript/TypeScript.
- Familiarity with Generative AI concepts and their potential applications in cybersecurity, especially in areas like code analysis, vulnerability detection, and threat intelligence. Comprehensive understanding of secure software development lifecycle methodologies and frameworks
What We’re Looking For
- Highly analytical and technically curious problem-solver who is passionate about securing applications throughout their lifecycle.
- Strong collaborator across development, DevOps, and other security teams, with excellent written and verbal communication skills.
- Experienced in designing, implementing, and operationalizing secure development practices and security automation.
- Proactive self-starter passionate about driving secure design, secure coding, and continuous security improvement within the SDLC.
- Self-driven, investigative mindset with the ability to work independently under minimal oversight and lead security initiatives.
Location
DBS Asia Hub
Job
Technology
Schedule
Regular
Employee Status
Full time