Product Security Engineer

Headquartered in Singapore, Advance Intelligence Group **a Series D 'Double Unicorn' valued at US$2 billion**, and also one of the largest independent technology startups based in Singapore. Founded in 2016, the Group has over 2000+ employees and has presence across South and Southeast Asia, Latin America and Greater China serving 1,000+ enterprise clients, 75,000+ merchants and 20 million+ consumers. The Group is backed by top tier investors SoftBank Vision Fund 2, Warburg Pincus, Northstar, Vision Plus Capital, Gaorong Capital, Pavilion Capital, GSR Ventures and Singapore-based global investor EDBI. We are also ranked as the **No.1 Top Startups in Singapore by Linkedin for 2021.** We serve enterprise, consumers and merchants through our key Business Units: - ADVANCE.AI is a leading big data and AI company providing digital transformation, fraud prevention and process automation solutions for enterprise clients in banking, fintech, retail and e-commerce. - Atome Financial offers consumers greater financial access through technology with its suite of products including Atome, a leading "buy now pay later" brand, and digital lending services such as our flagship brands Kredit Pintar, and ND Finance. - Ginee is a leading e-commerce merchant services technology platform serving numerous markets in Southeast Asia; providing comprehensive digital solutions for e-commerce, retail, brand and enterprise customers. We are united by a shared vision and purpose: to Advance with Intelligence for a Better Life-for our customers, colleagues and communities. Our culture is built on values that are core to who we are and what we stand for: - We foster an INNOVATION mindset - We achieve results with EFFICIENCY and excellence - We take pride in the QUALITY of our work - We uphold INTEGRITY in all we do - We embrace COLLABORATION to work across business lines and borders **Key duties & responsibilities**: Support the CTO, Head of Engineering, project managers, Architect and Information Security Lead with the following: - Overall responsibility for Application Security Testing services covering Code Security Reviews (SAST), Mobile Application Security Reviews, Software Composition Analysis, Web Application Scanning (DAST), Developer Security Enablement and Application Penetration Testing - Driving the operation of Application Security tools, planning and execution of scanning and testing, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results. - Ensure Application Security Testing services are agile to cater for testing requirements for DevSecOps and cloud-based environments - Manage and influence stakeholders in understanding risk exposure and containment measures from AppSec vulnerabilities the Group could be exposed to **Personal Specifications**: The requirements listed below are representative of the knowledge, skill, and/or ability required: - Minimum of 8+ years of domain experience - A degree in Computer Science or Information Security, or in a related technical field. - Certification such as OSCE, OSCP, CREST, CISSP, etc. preferred - Extensive and deep technical knowledge ranging from front-end UIs through to back-end systems and all points in between - To perform their role successfully, they must have technical expertise in at least one domain; software development, network engineering, authentication or security protocols, systems engineering, cryptography, or a combination of all. In addition, they should also be familiar with security best practices and have knowledge of common and emerging security threats - Must be a self-starter who is able to initiate and successfully drive programs and projects to completion with little or no management supervision. - Be a good team player with the ability to lead security initiatives - It is essential to have great communication skills to explain complex security topics in simple language and easy to understand concepts. LI-RR1