Application Security Engineer (Pentester/ Code Reviewer)
Crypto.com
- Singapore
- Permanent
- Full-time
- Discover security vulnerabilities through design review, manual source code review, and follow up on the remediation process
- Use automated tools to find security vulnerabilities in source code and/or system
- Participant in relevant agile scrum meetings and provide professional recommendations on the design of security controls, libraries, and/or protocols
- Conduct secure coding training sessions
- Implement various security control verification and risk detection by developing our own automation system
- Implement security related libraries for internal use
- Provide support on application level security monitoring, intrusion detection, and incident response
- Either 1-4 years of software development experience focusing on Server Side development, OR 1-4 years of experience in web-api and mobile app penetration.
- A deep understanding of OWASP Top 10 and the ability to spot and address logic flaws
- Good understanding of the whole software development lifecycle, CI/CD tools, cloud, Kubernetes, and various and technology stacks
- Security-related certificates such as OSCP, CREST, CISSP, and CLSSP are definitely an advantage
- Proficiency in both spoken and written English. Being able to speak Mandarin will be an advantage