Principal Information Security Engineer – Application Development

DHL Express (Malaysia) Sdn Bhd

Job Description

About the role:
You are an Application Development security professional with a solution mindset and hands-on security engineering or secure development expertise. You will be a member of the team of cybersecurity engineers at DPDHL IT Services. You will be responsible for providing direction and execution guidance, proposing innovative solutions and influencing the security of digital solutions for a worldwide logistics company. You will collaborate with other teams, such as Information Security Defense, Information Security Architecture, and Risk and Compliance Management, to ensure the adoption and use of adequate security measures in application development, supporting the IT Services strategy to become the competitive advantage for the DPDHL Group.

What you will do:
  • Turn application security frameworks and blueprints into viable technical designs, effectively protecting the digitalization journey of DPDHL.
  • Drive security enhancements and technological innovations in traditional and agile application development processes.
  • Facilitate adoption and implementation of security best practices for applications that make DPDHL the number one logistics company.
  • Provide expert recommendations on secure solution architecture & design so that our applications pass any penetration test summa cum laude.
  • Support secure means of integrating open source code and APIs.
  • Drive the Sec into DevSecOps processes and tools.
  • Drive application security reviews with threat modeling, architecture and code review as well as dynamic testing.
  • Establish and maintain threat intelligence related to secure application build (e.g. vulnerability management for open source components).
  • Collaborate on product conceptualization for security by design.
  • Assist in the development of automated security testing to validate that secure coding best practices are being used.
  • Support creation of training materials for secure application development and socialize the material with development teams.
  • Stay up-to-date on the latest security threats and the technology being developed to deal with them.
  • Actively investigate new technologies and facilitate onboarding of the next generation of enterprise security architecture and technologies.
  • Supervise tests of digital infrastructure for vulnerabilities.
  • Supervise preparation and review of security documentation as well as participate in security audits.
  • Apply industry standard methodologies and frameworks.

You should have:
  • Strong and proven track record of implementing application security frameworks, controls and best practices in application build environments.
  • Hands-on experience with implementing secure development practices into SDLC and agile development methods.
  • Ability to drive assigned topics and facilitate their implementation.
  • Expert understanding of internet security issues, application security technologies, cloud architectures and threat landscape concepts.
  • Professional level experience in the Software as a Service (SaaS) and DevSecOps models.
  • Familiarity with Open Source Software and the security challenges of adopting it.
  • Experience in managing application security testing tools, e.g. SAST, DAST, Open Source vulnerability scanning and common security tools.
  • Deep knowledge of OWASP Top 10 and CWE 25 with proven track record in implementing and integrating mitigations.
  • Good understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols relevant to application development and deployment.
  • Familiarity with common security libraries, security controls, and common security flaws.
  • Strong capabilities in application security areas such as authentication, authorization, encryption, logging, shielding and hardening techniques, ethical hacking.
  • Ability to successfully integrate security into a developer's world.
  • Some knowledge of scripting languages (VBScript, PowerShell, Perl, JavaScript, Python, etc.).
  • Experience working in an international company is an advantage.
  • Strong knowledge of current and legacy security technologies, as well as emerging technologies and IT trends.
  • Background and knowledge of risk assessment technologies and methods.
  • Some understanding of security breach protocols and attack vectors.
  • Knowledge of cybersecurity best practices.
  • Communication skills, consulting skills and skills to drive topics in a virtual team spread over several locations.
  • Verbal and written communication skills.
  • Excellent English and proficient presentation skills.
  • An industry-recognized security certification is an advantage.

What you will get from us:

  • Great team of IT professionals with global working exposure
  • Flexible Benefits - customized according to individual needs
  • On-going professional and technical training and certifications
  • A multicultural environment in modern offices
  • Choose any day for your vacation from earned public holiday (Saturday and ad hoc)
  • Smart casual everyday
  • Global internal job opportunities available within DPDHL
  • Unlimited Outpatient Medical
  • Home office possibilities
