Application Security Engineer

Sopra Steria is a listed European tech leader specializing in Consulting, Digital Services, and Software. With 60,000 employees worldwide across Europe, North America and Asia, Singapore serves as the HQ for our APAC operations. We focus on delivering Infrastructure, Cloud and Cybersecurity services across the region.

Description

For this project, we are forming a team of 6 (including 1 team lead) to assist in a huge upcoming government project to perform the following scope of works:

(i) Security Risk Assessment

(ii) Security Policies, Standards, Guidelines, And Procedures Review

(iii) Security Design

(iv) Application Security

(v) Vulnerability assessment and

(vi) System Security Acceptance Testing

(vii) Cloud Security

The selected candidate will be working collaboratively within the team to fulfil the project requirements. As such, there is no expectation for one individual to possess all skill sets in the 6 domains.

As a expert in Application Security, your role will focus on providing expert advice, conducting security assessments, and helping government teams build security into every stage of their software development lifecycle.

Responsibilities

Perform comprehensive risk assessments of development environments, DevOps workflows, and CI/CD processes.

Perform security assessments, threat modelling, and code reviews to identify vulnerabilities in applications.

Review and recommend improvements in areas such as identity and access management, network security, secure SDLC practices, source code management, cryptographic key handling, and data protection.

Guide application teams on adopting secure development practices and integrating security tools such as SAST, DAST, and VAPT into their workflows.

Review existing CI/CD pipelines from a security perspective and provide expert recommendations to align with DevSecOps principles.

Mentor and advise internal teams on secure coding practices across various platforms and languages (e.g., JavaScript, Node.js, Java, C#, Python, etc.).

Develop and maintain secure coding guidelines and security standards.

Collaborate with development teams to remediate security issues and provide guidance on secure coding practices.

Requirements

• At least 3 years of experience in application security or software development with security focus.
• Strong experience in DevSecOps with a solid foundation in cybersecurity and risk assessment.
• Hands-on knowledge of secure software development lifecycle (SSDLC) principles and tools.
• Familiarity with integrating security testing tools and practices within CI/CD environments.
• Experience with secure coding and vulnerability assessments across common web and mobile technologies.
• Ability to work with and guide development teams without being directly involved in implementation.
• Excellent communication skills and the ability to translate complex security requirements into practical advice

Benefits

• Regular team buildings
• 18 leave days / year

Insurance: GP, Dental, Optical, Hospitalization

Annual bonus

Working hours: from 8:30am to 6pm, Monday to Friday

Training and certifications paths

Visit website

Sopra Steria, a European Tech leader recognized for its consulting, digital services and software development, helps its clients drive their digital transformation to obtain tangible and sustainable benefits. It provides end-to-end solutions to make large companies and organizations more competitive by combining in-depth knowledge of a wide range of business sectors and innovative technologies with a fully collaborative approach. Sopra Steria places people at the heart of everything it does and is committed to making the most of digital technology to build a positive future for its clients.

With 47,000 employees in nearly 30 countries, the Group generated revenue of €4.7 billion in 2021.