Senior Application Security Engineer
Kuala Lumpur
GfK
Learn how GfK's data analytics, consumer reports & market intelligence can help you generate the marketing strategy that drives business decision making.
Country: Malaysia
Job Family: IT
We show the world what people want.
Join GfK and help us shape tomorrow. As an NIQ company, we are the world's leading consumer intelligence firm, delivering the Full View™ on consumer behavior. We work to enable manufacturers and retailers to better understand what consumers really want. Our name has inspired trust for over 89 years because we take pride in discovering new pathways to sustainable growth for our clients, our people, and our planet.
We are always looking for open-minded people who will grow with us, push boundaries, and pioneer disruptive methods in market research, data science, technology, and AI. If you share this passion to drive things forward and the integrity to insist on doing things the right way, we'll equip you to take your future into your own hands and play a leading role in our story.
Job Description
Key Responsibilities
• Embed security culture within the CSG engineering teams
• “Shift left” and automate security wherever possible
• Work with engineering squads (Developers, SREs & QAs) to ensure that projects are secure on delivery
• Provide KPIs/metrics on security testing coverage and on remediation of vulnerabilities within agreed SLAs
• Integrate security tools into the SDLC
• Build/maintain/support security testing tools
• Manually validate findings from security scans to eliminate false positives
• Work in a fast-paced environment to identify and assist troubleshooting of vulnerabilities identified during application vulnerability scans
• Explain risk and criticality of identified vulnerabilities to business owners/technical teams and advise on remediation activities, including attending development/engineering stand-ups
• Work with business application owners/technical engineering teams on remediation plans and assist teams on what to fix and how to fix it
• Perform threat modelling on web applications, public cloud and containerized environments
• Run static analysis and perform code/third-party library reviews to identify security weaknesses
• Conduct risk assessments of web applications
• Support security incidents involving Cloud environments and web services
• Assist with management and tuning of the Web Application Firewall (WAF)
• Assist in maintaining a CMDB of web applications and performing risk assessments of those applications
• Contribute to the application security framework
• Part of the Security Community of Practice (CoP)
• Take ownership of additional duties as required
Experiences/Skills/Competencies required:
Skills:
• Be able to build good working relationships with both technical and business stakeholders, gaining their respect and trust based on your knowledge and professionalism
• Have the ability and desire to quickly learn new technologies
• Excellent communication skills and ability to work with global counterparts
• Ability to work in a fast-paced environment
• Promote DevSecOps, leading by example to change existing systems and practices for the better
• Good troubleshooting skills
• Forward looking approach to addressing existing & upcoming security challenges
Technical Skills:
• Full understanding of the web stack, web security and common vulnerabilities (e.g. SQLi, XSS, etc.)
• Development skills to facilitate code reviews or tool development
• A good understanding of securing public cloud technologies (AWS & GCP)
• Ability to work with APIs and plugins to integrate security tools into established CI/CD pipelines
• DevOps automation using Jenkins, Puppet, Ansible, GitLab, etc.
• Experience with securing container technologies including Docker and Kubernetes
• Experience integrating DAST, SAST, IAST & SCA tools into the SDLC
• Hands-on experience with infrastructure as code and HashiCorp Vault
• Understanding of network devices such as firewalls and routers, and of platforms such as Windows and Unix
• Proficiency in Bash, Python, Perl, PowerShell or other scripting languages
• Ability to review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and applications, and to determine which reported vulnerabilities are false positives
• Capability to prepare security vulnerability and risk management reports for management
• Leadership and teaming skills to coordinate remediation of vulnerabilities within established timeframes
• Strong knowledge of OWASP
• Ability to think like a hacker
Experience:
• Experience working with Developers, DevOps, and Engineering teams in a dynamic environment to promote/implement the DevSecOps program throughout the organization
• Minimum of 5 years of relevant IT experience, with at least 3 years devoted specifically to DevSecOps
• Educated in Cyber Security/Computer Studies/Engineering
• Public cloud security certificate from AWS/GCP preferred
• SANS training or GIAC/OSCP/OSWE desirable
• Experience working in an Agile/Sprint based delivery environment (using Jira/Confluence or other bug tracking tools) would be an advantage in this role
• Prior DevOps/Development/QA experience would be beneficial
Other Responsibility
Other responsibilities may be allocated by the line manager to ensure the effectiveness of the group. All employees within GfK are expected to promote the image of the company. This will be done in part, by adopting a professional appearance and maintaining an efficient and effective working environment. It is expected that employees adhere to any specific deadlines set in respect of Company issues relating to professional servicing (internal and external) and objectives. The detail and scope of this job description may be altered to take account of changing company needs.
We are an ethical and honest company that is wholly committed to its clients and employees. We are proud to be an inclusive workplace for all and are committed to equal employment opportunity, focusing on all of our employees reaching their full potential.
We respect and value every employee regardless of race, ethnicity, gender, sex, sexual orientation, age, personality, experience, culture, faith, socio-economic status, or physical or mental disabilities.
We endorse the core principles and rights set forth in the United Nations Declaration of Human Rights and the Social Charter of Fundamental Rights of the European Union, promoting the universal values of human dignity, freedom, equality, and solidarity.
Learn more about how we are driving diversity and inclusion in everything we do on: https://www.gfk.com/about-gfk/diversity-and-inclusion
At GfK we work collaboratively with our colleagues but offer a flexible working approach, including dividing our time between office & remote working as well as the opportunity to flex our working hours around team core hours.
We offer an exciting work environment that brings people together. We encourage an entrepreneurial and innovative spirit and make use of the latest digital technologies. We are looking for self-starters, who accept challenges and create solutions.
Can there be a better place to take center stage in the digital revolution? We are excited to get to know you!
Tags: Agile Ansible APIs Application security Automation AWS Bash CI/CD Cloud Confluence DAST DevOps DevSecOps Docker Firewalls GCP GIAC GitLab IAST Jira KPIs Kubernetes OSCP OSWE OWASP Perl PowerShell Puppet Python Risk assessment Risk management SANS SAST Scripting SDLC SLAs UNIX Vulnerabilities Vulnerability scans Windows XSS
Perks/benefits: Career development Flex hours