Senior Application Security Engineer

Great to Meet You We are Ascenda
Ascenda powers the growth of leading financial services brands worldwide with premium rewards programs that differentiate their products, drive profitable customer behaviors, and create sustained engagement.
We are behind the world-class rewards propositions of major banks and fintechs around the globe, including brands like American Express, Capital One, Brex, Robinhood, Ramp, HSBC, Virgin Money (Australia), SMBC (Japan), ICBC (China), Bradesco (Brazil), ANZ (Australia), HDFC (India) and many others.
We are a thriving global Loyalty as a Service company and experiencing rapid expansion. Join our dynamic finance team as one of its earliest leaders, contributing to the development of our financial planning strategies as we strive for hypergrowth. Our team spans 20 cities worldwide, with dual headquarters in Singapore and New York, totaling 250 team members.
Join us as a Senior Application Security Engineer in Singapore   The Role We are looking for a passionate Application Security Engineer who is keen to learn, grow and bring his/her experience in a fast-paced environment. We promote and do security through (we think) fun and cool stuff.
At Ascenda, our Security Engineers work closely with other engineers like the developers and devops teams, with the common goal of continually improving the security posture of our applications. On some days, we would be conducting pentests on our applications, other days we would be writing, implementing, and working on security engineering projects to suit our security needs.
We have achieved compliance with the most stringent security standards (PCI-DSS, SOC2, ISO Our partners are financial institutions and airlines, and they expect a very high level of availability, reliability and security.
Your Impact We're looking for a senior profile with a genuine passion for technical security and several years of professional experience, who has dabbled in multiple disciplines of security. As a senior member of the Security team, you would be expected to:
Scope out and conduct penetration testing on our various applications, and work together with developers to propose and implement a fix for the findings.Propose and implement projects (SAST/DAST, phishing exercises for example) that ultimately improve the security of our applications and the company as a whole. Suggestions are more than welcomeResearch, analyse, and evaluate the risks of introducing new technologies and tools to our current architecture from a security perspective.Help Ascenda scale out security tasks and processes using automationConceptualise and comprehend various security requirements, applying them to the company's context, and identifying any gaps. Propose and implement solutions to address these gaps.Investigate and analyse the occasional security logs and take the necessary actions.Occasionally provide technical and non-technical security advice to employees. This could range from questions related to "Is this a phishing email?" to "If we design our application in this way, what are the security concerns?".Constantly be up to date with security trends, news and understanding of their relevance to our security posture.Work together with the security team on creating security awareness training materials, targeted at both technical developers as well as non-technical people.Be overall an independent and committed person with a strong tenacity to look into issues deeply 
We expect you to have:Experience in scoping and conducting penetration testing on web applications.Experience in conducting source code reviews across various applications running on microservices architecture.Knowledge of web application and API security vulnerabilities and how they can be exploited.Knowledge in scripting (Bash, Python, Javascript, etc).Knowledge in Linux, AWS, Kubernetes, Terraform, and the Software Development Lifecycle (SDLC).Familiarity with the concepts of Industrial Security Certifications such as PCI-DSS, SOC2, ISO27001.Technical Security Certifications such as CREST, OSCP, OSWE (or any of the other Offensive Security Certifications).Independence and good communication skills, able to interact and work effectively with both technical and non-technical people.
It will be a bonus if you have:Deep knowledge of Cloud and Container vulnerabilities and exploiting them.Deep knowledge in exploiting web applications running on ruby frameworks.Bug Bounty findings and CVEs to your nameExperience with playing CTFs (Share your writeups)

Why Join Ascenda?  Ascenda offers the unique opportunity to lead in the loyalty ecosystem space, shaping the future of rewards programs. We are passionate, we keep things simple, we focus on results, we work together & we innovate   We have a rewarding working place that provides a:
High growth environment & exponential career developmentMobile & flexible work environmentWFH office equipment allowanceMedical insurance coverageEmployee recognition programsCompetitive compensationTravel perks & Employee rewards
Ascenda is dedicated to diversity and inclusion, welcoming candidates from all backgrounds. Join us on our mission to make loyalty simple and rewarding for everyone, everywhere.
Ready to power growth for the financial services industry? Apply now Together, we'll redefine what's possible.

---