DKatalis is a financial technology company with multiple offices in the APAC region. In our quest to build a better financial world, one of our key goals is to create an ecosystem linked financial services business.

DKatalis is built and backed by experienced and successful entrepreneurs, bankers, and investors in Singapore and Indonesia who have more than 30 years of financial domain experience and are from top-tier schools like Stanford, Cambridge London Business School, JNU with more than 30 years of building financial services/banking experience from Bank BTPN, Danamon, Citibank, McKinsey & Co, Northstar, Farallon Capital, and HSBC.

Responsibility

To drive integrating security seamlessly into the Software development lifecycle, the Lead Application Security Engineer will serve as a technical subject matter expert working with Technical teams. This individual will collaborate with teams and vendors to determine security requirements and support all phases of integration, operations, and maintenance to ensure a secure software environment. They will be able to work independently or in a team environment.

Development :

Provide subject matter expertise on secure coding practices and security design based on current knowledge of security threats and vulnerabilities that could impact the technology stack
Support definition of Secure SDLC standard to include security architecture, design, and coding requirements for infrastructure, application, and data to align with application security maturity model and adopt a shift-left approach for security.
Evaluate various application security tools, including SAST, DAST, SCA, IAST, and Pen Testing, and operationalize security tools for integration with CI/CD.
Explains and interprets the vulnerability report items to development staff.
Perform application testing and review security test results from scans and penetration testing to identify possible vulnerabilities that may be exploited and propose remediation solutions or mitigation controls.
Develop security controls and processes for products and services developed and deployed for both cloud environments, preferably GCP.
Perform threat modeling, conduct security architecture reviews, and provide training to architects and developers to enhance the adoption of secure coding practice within the product development lifecycle.
Provide security-related coaching and expertise to drive and elevate security expertise within the development teams.
Lead security innovation and best practices in product development through collaboration and learning from industry professionals and consortiums
This position is also subject to being "on-call" for emergencies requiring immediate resolution.

Requirements :

Minimum 5 years of experience building production web applications and services in at least two on some of the following languages: Node JS, Java, React-Native, Android / Flutter
Experience performing Red Team operations in enterprise environments
Experience in software coding/development including, scripting languages
Building, deploying and managing Red Team operational infrastructure
Knowledge of adversarial TTPs
Experience with compromise and lateral movement in Mac, Linux, and Windows environments
Open-source intelligence gathering and social engineering
Web and mobile application assessments
Wireless and network assessments
Experience with custom payloads and exploit use in a production environment

Desired skills & credentials :

CVE/Bug bounty/responsible disclosures
Knowledge of secure architecture and design patterns for Web, Mobile, and Microservices
CI/CD and Appsec Tools: Sonar, Fortify, Checkmarx
Reverse Engineering and Fuzzing to identify potential vulnerabilities
Exploit development
Security / Forensics Tools: Burp, Nmap, Nessus, NetStumbler, Cain & Abel, THC Hydra, W3af, GFI LANguard, Wireshark (Tshark), WinDump (TCPDump), Web inspect, tcpreplay, Access Data FTK, Encase, Helix, etc.
OS & Testing Distros: RH Linux, CentOS, Fedora, Windows / XP / 7 / 10 / BackTrack, Kali Linux, PentestBox etc.
Frameworks/Guidelines: ISO27001, NIST, ITU-T, OWASP, WASC, etc.
Information security certifications: GPEN, OSCP, OSCE, OSWE

Apply for this Job

* Required

First Name *

Last Name *

Email *

Phone *

Resume/CV *

Dropbox Google Drive

(File types: pdf, doc, docx, txt, rtf)

How do you know about us? *

  Instagram
  LinkedIn
  Telegram / WAG
  Online Event (Webinar)
  Referral
  Others

Referral *

(If you are referred by one of our employee please write your friends full name)

Others *

(Please specify)

Our system has flagged this application as potentially being associated with bot traffic. Please turn off any VPNs, clear your browser cache and cookies, or try submitting your application in a different browser. If this issue persists, please reach out to our support team via our help center.

Please complete the reCAPTCHA above.