SENIOR APPLICATION SECURITY ENGINEER
Raytheon Technologies
- Changi, Singapore
- Permanent
- Full-time
- Work with the application development team, business unit process experts, and outsourced technology partner to design and secure IT/OT solutions.
- Develop functional, interface and technical specifications for software and hardware for security assessment.
- Drive the DevSec platform and practices for the Digital Innovation Hub team, such as version control systems and static and dynamic code scanning.
- Responsible for application security test solutions such as vulnerability assessment and penetration testing.
- Support development team and Corporate network team assessment around application security monitoring with tools such as IDS/IPS, firewall, EDR, SIEM, SOAR, Threat Intelligence platform etc.
- Contribute to architecturally significant requirements and technical risk area identification.
- Support testing for product system integration to ensure security compliance.
- Serve in a design quality role (systems) helping to assure that development teams observe Secure Software Development practices.
- Ensure the ongoing management of a Secure Software Development Life Cycle to ensure on-time delivery of application sprints with security compliance and best practices.
- Keep up to date with the latest threats, IT security technology and adherence guidelines, and reflect existing and upcoming security solutions.
- Degree in Computer Science/Computer Engineering/Information Technology.
- A passion for ongoing management of a Secure Software Development Life Cycle
- Experience in Secure Software Development, secure code quality control, and application and system integration vulnerability assessment.
- Experience with Application Development and Software Assurance in a highly regulated industry
- Technical background in the areas of Enterprise IT and industrial control systems, process control networks, SCADA or other industrial automation is important and preferred
- Strong understanding of cybersecurity risks and controls, vulnerability assessment, endpoint security solutions, managed security service, cloud security.
- Experience with different cyber security controls and solutions, e.g. Identity and access management, network security, endpoint security, application security, IDPS, deep packet inspection, SIEM, data analytics, security and/or risk management, SOC and NOC are strongly preferred
- Good knowledge in one or multiple areas such as Windows, UNIX, mid-range, firewalls, intrusion detection, threat detection analysis, and/or information risk management.
- Knowledge of local and global compliance standards and guidelines (e.g. PDPA, PCI, SOX, HIPAA, NIST, MITRE ATT&CK, OWASP).
- Good knowledge of performing routing protocols (MPLS, HAIPE/IP, QoS and WAN).
- Good knowledge of performing secure configuration on network assets, e.g. Firewall, Gateway devices, Switches, NAT, Domain controller, encryption certificate, etc.
- Strategic security certifications (e.g. CISSP, CISM) are desirable.
- Independent thinking, willingness to "step outside the box" and take reasonable, calculated risks.
- Passionate about innovation and exploring new ways of reducing new-technology security risk to the minimum.
- Strong team player that collaborates well with others to solve problems and actively incorporate input from various sources.
- Experience with working on global teams across time zones, cultures and languages.
- Demonstrated excellent level of analytical ability, communication and interpersonal skills required to build relationships with team members to solve problems and resolve issues.
- Support the Continuous Improvement programs and ACE activities within the company
- Minimum ACE Associate certification under ACP
- Support and participate in the EH&S programs and activities within the company
- Report all incidents (injuries, illnesses, near misses, spills, etc.), hazardous conditions, and emergencies to his/her supervisor
- Responsible for performing a risk assessment of work activities, taking corrective and preventive actions
- Comply with EH&S regulations/policies/programs/rules and use Personal Protective Equipment (PPE)
- Participate in audits and inspections as and when required
- Attend EH&S training programs and take personal responsibility for safety
- Understand and carry out work performance in compliance with the UTC Code of Ethics, its Supplements and governing policies and the International Trade Policies and Procedures
- Provide a quality product/service that satisfies our customers’ needs and expectations the first time, every time
- Emphasize a total quality management process which provides accuracy and strict compliance with agency regulations and customer requirements, giving the highest degree of confidence; understanding that meeting the requirements of the next employee in the work flow process is just as important as meeting the needs of the external customer.