Application Security Tester
Alphaeus Pte Ltd
Job Description
The scope of application security engineer activities is as follows:
- Web Application Security
- API Security
- Cloud Application Security (application layer only)
Activities:
The scope of activities is as follows:

Security Assessments, Threat Modelling & Code Reviews
- Perform application security assessments for web, API, and cloud-hosted services.
- Conduct threat modelling for key features/releases (trust boundaries, data flows, misuse cases).
- Conduct tool-assisted secure code reviews for selected modules.

Security Controls, Authentication & Encryption
- Define/refine application security controls (validation, encoding, secure headers, rate limiting).
- Define/refine authentication mechanisms (OAuth2/OIDC, session/token handling, MFA patterns where applicable).
- Define/refine encryption and key management patterns (TLS, encryption at rest, key rotation).

Secure Coding Guidelines and Standards
- Develop and maintain secure coding guidelines, checklists, and secure patterns.
- Maintain standards aligned to the OWASP Top 10 and OWASP API Top 10 risks.

Remediation Support & Fix Verification
- Collaborate with development teams to remediate vulnerabilities.
- Retest and verify fixes, and provide closure evidence.

Application Vulnerability-Related Incident Monitoring & Response Support
- Support triage of application vulnerability-related incidents.
- Conduct root-cause analysis and recommend preventive guardrails.

Documentation of Application Security Guidelines and Checklists

Description of Deliverables:
- Threat model artifacts and secure architecture review notes.
- Code review findings from a security perspective.
- SAST and DAST scan profiles and scope rules.
- SAST and DAST reviewed findings reports, with remediation guidance.
- Defined/refined security standards: secure coding guidelines and checklists.
- Incident triage support notes and post-incident improvement actions.
- Weekly/monthly status reports, in the agreed format.
- Any other development/support tasks/deliverables assigned by Management.
Requirements:
- Experience with web application security
- Knowledge of API security
- Understanding of cloud application security
- Experience with security assessments
- Familiarity with threat modelling
- Experience with secure code reviews
- Knowledge of security controls
- Understanding of authentication mechanisms
- Familiarity with encryption and key management
- Experience with secure coding guidelines and standards