IT Security Champion

Keyteo Consulting
in Singapore
Permanent, Full time
Last application, 24 Oct 20
KEYTEO is an international and independent group that grows in a cooperative spirit. We are determined to evolve through open communication, and our employees are directly involved at the center of our projects. We are sure that by forming a team, we will be able to achieve our common goal!

He/she will be in charge of:
 Integration of security into software development during design and development
 Analysis of IT systems architecture in terms of security and risk/threat modelling
 Contribution to the definition of the different types of security tests to be performed
 Supporting the development team in terms of secure development practices
 Supporting the infrastructure/middleware teams in terms of security hardening
 Performing security code reviews and white box penetration testing during the development sprints
 Automation of security testing process
 Coordinating with the third party vendors and internal stakeholders for the penetration and black box testing
 Review and assess the results of external penetration testing, and agree corrective action
 Supporting the development teams to reproduce issues
 Research and monitor current software security risk
 Provide software security training to the development team

Skills & Experience
 Bachelor’s degree in Computer Science or the equivalent. A master’s degree is a plus
 At least 2+ years of hands-on experience doing security code analysis or reviews
 At least 2+ years of hands-on experience doing penetration and vulnerabilities tests
 At least 2+ years of hands-on experience as a software developer
 Any certification around security: GSSP-JAVA, GWEB, ECSP, CSSLP, CEH, CES etc.

 Strong critical thinker with problem solving aptitude.
 Capacity to provide deep perspective on cyber and security threats
 Excellent written and oral communication skills
 Knowledge and experience of common security protocols (e.g. TLS, OAuth 2.0, SAML, OpenID Connect, LDAP etc.) and crypto libraries (OpenSSL, JWT etc.)
 Knowledge and experience of server-side security, authentication and authorization mechanisms
 Knowledge and experience of Web security (OWASP etc.) and JavaScript/SPA security
 Knowledge and experience of static code security analysis and security code reviews
 Knowledge and experience of vulnerabilities/penetration testing
 Experience of a secure software life cycle in a software house or large IT department
 Software development experience

 Knowledge of Spring Security
 Experience of CI/CD and DevSecOps
 Knowledge and experience of Mobile security on Android and iOS
 Experience with hardening of middleware (Tomcat, Apache, NGINX, MongoDB etc.)
 Contributing to open source projects or participation in hacker events
 Knowledge of encryption and key management
 Knowledge of IAM and SIEM solutions
 Knowledge of AS400
 Awareness of security standards relevant to SaaS and experience with Cloud platforms

