Application Security Engineer
KRISE SOLUTIONS PTE. LTD.
Job Description: Application Security Engineer
Role Overview
We are seeking a highly skilled Security Engineer to join a dedicated engineering team focused on securing Singapore’s critical applications. In this role, you will not just find vulnerabilities—you will be the hands-on engineering resource responsible for fixing them.
You will analyze, triage, and directly remediate security flaws identified through Penetration Testing, Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST). This role bridges the gap between pure security auditing and core software engineering, ensuring our modern Java, Angular, and React applications are robust against evolving threats.
Key Responsibilities
1. Vulnerability Triage & Code Remediation
• Hands-on Fixing: Directly write, test, and deploy secure code to fix vulnerabilities including Injection flaws, XSS, CSRF, SSRF, Broken Authentication, Broken Access Control, Secrets Exposure, and API security issues.
• Triage & Validation: Analyze findings from SAST/DAST tools and penetration tests, eliminate false positives, and perform root-cause analysis.
• Dependency Management: Proactively manage and upgrade insecure third-party dependencies and libraries.
2. Engineering & Collaboration
• Secure Architecture: Design and document remediation design notes and secure coding recommendations for broader development teams.
• Testing Coordination: Partner with application teams and security stakeholders to coordinate rescans and penetration test retesting to validate fixes.
• Backlog Management: Maintain precise tracking of engineering tasks and evidence within Jira.
3. Governance & Reporting
• Participate in weekly remediation review meetings and monthly governance reviews.
• Contribute to monthly security dashboards and executive governance reports.
• Document risk acceptance reviews and maintain exception registers when immediate remediation isn't feasible.
Technical Skills & Experience
• Experience: Minimum of 5+ years of experience in software engineering with a heavy focus on Application Security (AppSec), or as a dedicated AppSec Remediation Specialist.
• Core Tech Stack: Strong, production-grade coding experience in Java (Spring Boot) and modern frontend frameworks (Angular and/or React).
• Security Frameworks: Deep conceptual and practical understanding of the OWASP Top 10 and API Security Top 10 vulnerabilities.
• Tooling Familiarity: Experience interpreting outputs from SAST, DAST, and Software Composition Analysis (SCA) tools (e.g., SonarQube, Checkmarx, Veracode, Snyk, or similar).
• Cloud & Architecture: Understanding of cloud security best practices (AWS/Azure/GCP) and secure API gateway architectures.
Soft Skills & Process
• Strong analytical skills to perform root-cause analysis on complex software vulnerabilities.
• Excellent documentation skills for creating clear remediation design notes and architectural recommendations.
• Familiarity with Agile workflows and issue tracking tools like Jira.
• Bonus: Relevant certifications such as CSSLP (Certified Secure Software Lifecycle Professional), CEH, or CASE.
Note for the "Team Lead" Variant: If you are adapting this for the Lead Engineer position, add the following expectations:
• Act as the primary point of contact for application and security stakeholders.
• Drive the quarterly continuous improvement assessments and own the delivery of the Monthly Executive Governance Reports.
• Oversee the remediation backlog allocation for the 2–3 junior/mid-level engineers on the team.