Application Security Analyst
Singapore, Singapore
Ninja Van
Ninja Van is Southeast Asia’s leading logistics provider, with the highest service coverage over 6 countries in the region. Experience the joy of hassle-free deliveries by shipping with Ninja Van today.More about us: - We process 250 million API requests and 3TB of data every day.- We deliver more than 1.5 million parcels every day.- 100% network coverage with 1000+ hubs and stations in 6 SEA markets (Singapore, Malaysia, Indonesia, Thailand, Vietnam and Philippines), reaching 500 million consumers.- 600,000 active shippers in all e-commerce segments, from the largest marketplaces to the individual social commerce sellers.- Raised more than US$500 million over five rounds.
We are looking for world-class talent to join our crack team of engineers, product managers and designers. We want people who are passionate about creating software that makes a difference to the world. We like people who are brimming with ideas and who take initiative rather than wait to be told what to do. We prize team-first mentality, personal responsibility and tenacity to solve hard problems and meet deadlines. As part of a small and lean team, you will have a very direct impact on the success of the company.
You need to have knowledge in securing inhouse developed products by performing Web Application, Mobile and API security testing with knowledge of OWASP Top 10 vulnerabilities.
As a team member, you will work with engineering teams to build secure products. Being part of our team, you will manage a portfolio of Web Application’s, Mobile Application Security and API’s Security. There would also be knowledge sharing sessions by attending various security conferences, trainings and internal hackathons.
Role and Responsibilities
- Work individually or as a part of team conducting manual code reviews, static vulnerability scanning, vulnerability validations and false positive analysis
- Enhance existing application security tools and introduce new tools where applicable
- Perform Application Security assessment and sometimes manual code reviews of web applications, web services, mobile, front-end & back-end services
- Work closely with software engineers from the various development teams to build a secure architecture and coding standard across the organization
- Communicate technical and business risk of the vulnerabilities discovered including remediation recommendations
- Work with internal teams to support them in remediation efforts
- Keep abreast with latest technology risks and utilize them in work
- Contribute to the information security strategy and rollout of the strategy
Requirements
- Degree in Computer Science and Engineering
- Experience in Application Security and Code Reviews with sufficient security background (5+ years in Security and 2+ years in software development)
- Experience with penetration testing tools and tool suites such as Burp Suite Pro, OWASP Zap, Postman, Kali Linux, SQLMap, Nessus, etc.
- Experience in web application security, mobile security, API security with knowledge of application vulnerabilities and business logic flaws and threats
- Programming language skills such as Java, ReactJs,NodeJs Javascript (nice to have).
- Experience in security risk assessment and threat modeling of applications
- Familiarity with Google, Kubernetes, Docker, and Terraform
- Excellent language skills and ability communicate complex vulnerabilities to internal teams
- Well versed with OWASP Code Review Guide
- Ability to triage results from automated code scanning tools for false positives and false negatives
- Certifications such as GPEN, GXPN, GMOB, GWAPT, OSWE, OSCP, OSCE, OSWP,CNCF, AWS (Preferred)
By applying to the job, you acknowledge that you have read, understood and agreed to our Privacy Policy Notice (the “Notice”) and consent to the collection, use and/or disclosure of your personal data by Ninja Logistics Pte Ltd (the “Company”) for the purposes set out in the Notice. In the event that your job application or personal data was received from any third party pursuant to the purposes set out in the Notice, you warrant that such third party has been duly authorised by you to disclose your personal data to us for the purposes set out in the the Notice.
Tags: APIs Application security AWS Burp Suite Computer Science Docker E-commerce GMOB GPEN GWAPT GXPN Java JavaScript Kali Kubernetes Linux Mobile security Nessus Node.js OSCE OSCP OSWE OSWP OWASP Pentesting PostMan Privacy Risk assessment Security assessment Security strategy Strategy Terraform Vulnerabilities
Perks/benefits: Conferences
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Forensics-related jobs
- Open Kubernetes-related jobs