Lead Application Security Engineer

Keywords: Application Security, Financial Services, Threat Modelling, Pipeline Automation, Code Review, Software Development, Java, Node.js, Go. CI/CD, DevSecOps.

What You'll Do:

• To act as the primary architect for the digital bank’s secure coding lifecycle.
• Lead lead the effort to integrate security tools into the development pipeline and personally threat-model the most critical financial features.
• Threat Modeling: Lead design reviews for new banking features (Payments, Transfers, KYC). Identify logic flaws before code is written.
• Pipeline Automation: Architect and maintain the SAST/DAST/SCA tooling in the CI/CD pipeline (e.g., SonarQube, Snyk, GitLab CI) to block vulnerabilities automatically.
• Code Review: Perform manual code audits on high-risk components (Authentication, Ledger logic) in Java, Kotlin, or Swift.
• Culture: Act as a mentor to the development team, running secure coding workshops and championing a "Security Champion" program

What You'll Bring:

• 5+ years in Application Security with a background in Software Development.
• Proficiency in at least one core language: Java (Spring Boot), Node.js, or Go.
• Deep understanding of OWASP Top 10 and SANS Top 25.
• Experience with CI/CD integration (Jenkins, GitHub Actions).
• Experience in Fintech or Financial Services.

What's next:

If you are ready to take the next step in your cybersecurity career within a collaborative environment that values your expertise and supports your growth—this is your chance!

Do note that we will only be in touch if your application is shortlisted.

Agensi Pekerjaan Robert Walters Sdn Bhd
Business Registration Number : 729828-T
Licence Number : JTKSM 423C