- 1 year contract position (convertible to permanent depending on KPI) - $4,000-$5,200+1 month completion bonus - Mon–Fri, 9am–6pm - Telok Ayer The Application Development Security Senior Analyst is a critical bridge between the Cybersecurity and Software Engineering teams. You will ensure that security is not an afterthought but a foundational component of the Software Development Life Cycle (SDLC). Guided by our Secure Software Development Framework (SSDF), your mission is to find, fix, and prevent vulnerabilities in our proprietary software before they can be exploited. Job Responsibilities: Policy & Procedures: Engage with the relevant stakeholders to establish and review corporate policy and procedures governing the secure development of applications. Security Architecture & Design: Participate in "Shift Left" initiatives by performing threat modeling and architectural risk assessments during the design phase. Vulnerability Management: Conduct regular SAST (Static), DAST (Dynamic), and SCA (Software Composition Analysis) scanning. Prioritize and triage results for development teams. Code Review: Perform manual secure code reviews to identify logic flaws and vulnerabilities (OWASP Top 10) that automated tools might miss. DevSecOps Integration: Assist in automating security checkpoints within CI/CD pipelines (e.g., Jenkins,GitLab CI, GitHub Actions). Remediation Guidance: Act as a consultant to developers, providing clear, actionable advice and codesnippets to fix identified security gaps. Training & Advocacy: Lead "Security Champion" programs and conduct secure coding workshops to foster asecurity-first culture. Period: 1 year contract position (convertible to permanent depending on KPI) Working Hours: Mon–Fri, 9am–6pm Salary: $4,000-$5,200+1 month completion bonus Location: Telok Ayer Requirements : Bachelor’s degree in Computer Science, Cybersecurity, or a related technical field (or equivalent experience). 3+ years in application security, penetration testing, or secure software development. Proficiency in at least one major language (e.g., Java, Python, JavaScript, or C#). Deep understanding of web application vulnerabilities (SQLi, XSS, CSRF, SSRF). Experience with security tools like Burp Suite, Checkmarx, Snyk, or Veracode. Familiarity with container security (Docker/Kubernetes) and Cloud environments (AWS/Azure/GCP). Certifications (Preferred): CSSLP, GWEB, CASE, or OSCP. Analytical Thinking: Ability to think like an attacker to foresee potential bypasses in application logic. Communication: Exceptional ability to translate complex security risks into business impact for non-technical stakeholders. Collaboration: A "builder" mindset—focused on enabling developers to work fast and securely, rather than just acting as a gatekeeper Interested applicants, kindly email your detailed resume (MS Word format is preferred): joan@successhrc.com.sg (Registration no: R1332758 ) Please ensure that applications sent through email are no bigger than 1Mb . We thank all applicants for your interest but regret to inform that only shortlisted candidates would be notified. Success Human Resource Centre Pte Ltd (EA License Number: 97C4832 ) 160 Robinson Road, #13-07/08/09 SBF Center, Singapore 06891 T: 6337 3183 | W: www.successhrc.com.sg