Bring your career aspirations to life with AIA!

Responsible for providing security assessment and driving the timely remediation for the digital solutions across technology to ensure secure solutions for business growth.

We are looking for a security engineer who has hands-on experiences in performing source code review and conducting penetration test for the web applications and mobile applications in both on-premise and Cloud environment to drive the remediation the issues to be compliant with Enterprise security policy and regulatory requirements. This position is responsible for providing security assessment and driving the timely remediation for the digital solutions across technology to ensure secure solutions for business growth.

Roles/Responsibilities:

Security Engineering

• Perform source code review and penetration test for web applications and mobile applications
• Support application team to review security issues and come out a practical remediation plan to drive timely remediation
• Review and analyse vulnerability data to identify security risks to the organization's environment and application security and determine any reported vulnerabilities that are false positive part of the scans
• Work with Application team with API Security, Container Security, Azure Cloud Security
• Work closely with application development team to proactively review the issues identified from source code review and penetration test and drive the remediation discussion and execution
• Support CI/CD process, continuous integration (Git), continuous deployment (Travis/Jenkins), and deployment orchestration (Ansible, puppet, or equivalent)
• Support and work with APIs and Plugins to integrate security tools into established CI/CD pipelines
• Collaborate with application developers and database administrators to deliver creative solutions to difficult technology challenges and business requirements.
• Responsible for automating security controls, data and processes to provide improved metrics and operational support.

Requirements:

• Education –

University degree in one of the following or related disciplines (Computer Science, Computer Engineering, Information Security, Information Systems)

• Experience –

• 2 - 5 years of experiences of information security domain, especially hands on experience for source code review and penetration test
• Proficiency and hands on experience in Java/JavaScript Programming and Bash, Python or other scripting languages etc
• Family with industry security tools, Veracode, SonarQube, Fortify, Snyk, MAST etc in the CI/CD pipelines: Azure DevOps, Bamboo, Jenkins
• Experience with working on open-source software related to Intrusion Detection, Prevention, and File Integrity Monitoring Systems and Flow based solutions – a plus
• Experience coordinating and performing vulnerability assessments through the use of automated and manual tools (Tenable, Qualys, etc). – a plus
• Experience configuring, implementing and leveraging computer security and networking diagnostic/monitoring tools – a plus
• Knowledge of Windows and Linux patch management and related information security functions (authentication, encryption, iptables, SSL, Ciphers, etc) – a plus
• Good interpersonal and communication skill
• Good team player with a high integrity, proactive mindset, and strong ownership

• Certifications/licenses –

• Preferably a holder of one or more of the following information security and audit qualifications: CISSP, CEH

Build a career with us as we help our customers and the community live healthier, longer, better lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.