Application Security Engineer

Job description

We’re looking for a Security Engineer with secured Application Development background to join our Global Cybersecurity Services – Application Security Rapid Lab team. In this role, you are expected to work directly with the Application Security core team to build and support the remediation of security vulnerabilities. The team is focusing on building the secured modules to help the business units to avoid any secrets on the source code repositories. Have the skills and knowledge for the job? Learn more about the opening below! Position Responsibilities:Work closely with Application Security team to drive the initiative of secrets remediation programPart of Cyber Assessment team, to build internal reusable libraries as a standalone component in remediation of secrets/credentials in the source codeEvaluating and attempting to understand organization security requirements and secrets/credentials to be moved to vaults specifically to AKV and HashicorpUnderstanding secure design to ensure newly built codes are secured and pass through the Application security gatesIndependently design and develop utilities to resolve the larger problem of hard coded secrets in the configuration files to be migrated to the vaultsParticipate in project related meetings: information gathering, solution design, project checkpointsKeeping automation in mind while developing the solution for remediation to self-heal solutionsPropose, examine and assist in the solution design to adequately resolve or remediate the hard coded secrets from source code while keeping away any impact to the systemEvaluate business needs while solving the problem, design thinking and effective communication with stakeholdersApply creative problem solving throughout the secure software development life cycle to continuously improve the effectiveness of the end-to-end process.Ideate. Test. Learn. Iterate. Bring a flexible, adaptive mindset, comfortable with ambiguity in a rapidly changing technology environment.Be a continuous learner, not only for your own career, but from teams’ successes and failures.Embrace open-source communities, both internally and externally, sharing your knowledge across your team and peers. Required qualifications:Education: Bachelor’s degree in computer science or related disciplineExperience: Minimum 5 years of experience in performing hands-on application development preferably using Java/Python/C# programming languagesSoftware design and development experience, especially in building backend systems.Clear understanding of software secrets management, credentials, and secret life cycle in application developmentDemonstrated technical knowledge of secure SDLC, understanding GitHub, SCA, SAST, DAST, and Secrets scans are a mustDemonstrated experience with security assessment frameworks and procedures, including following industry best practice methodologies to ensure business components are readyMust be amenable to work in Quezon City on a hybrid setup on a mid- to night-shift schedule, depending on the business need. Preferred qualifications:Adequate knowledge on different types of Secrets used in Application, specific hands-on experience in dealing with API credentials are always plus pointPossess good holding on the SDLC tools like IDE, GitHub, Snyk, GitGuardian and the best programming practicesExtensive technical knowledge of security industry best practices and procedures.Experience in developing security tools, using scripts and utilities to automate assessment and analysis activitiesExcellent verbal and written communication skills including the ability to articulate the remediation steps back to the customersExceptional customer service, communication and interpersonal skills.Ability to communicate and work closely with executives, peers and employees at all levels.Strong time management and organizational disciplineHigh degree of integrity, competence, adaptability, resilience and initiative.Experience working in an international environment with people from multiple cultures preferred. When you join our team:We’ll empower you to learn and grow the career you want.We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.As part of our global team, we’ll support you in shaping the future you want to see.