Application Security Specialist

2 Months ago • 5-7 Years

Job Summary

Job Description

The Application Security Specialist will be responsible for conducting vulnerability scanning, penetration testing, and security reviews. They will design secure software development lifecycles, develop threat models, and integrate security principles into application design. Responsibilities include defining operational processes for code analysis tools, reviewing source code, and performing vulnerability risk assessments. The role involves managing the remediation lifecycle, handling externally reported vulnerabilities, and collaborating with developers. The candidate should have strong experience in cybersecurity and vulnerability management, ensuring the security of the company's systems and applications.

Must have:

Conduct system vulnerability scanning.
Execute manual penetration testing and techniques.
Design secure software development lifecycle.
Develop threat modeling for weakness analysis.
Review and integrate security principles.
Define operational processes for code analysis tools.
Perform security review of source code.
Perform vulnerability risk assessments.
Conduct manual verifications of vulnerabilities.
Manage remediation lifecycle with risk-based approach.
Manage handling of externally reported vulnerabilities.

Good to have:

Experience in software development and scripting is a plus.
Knowledge of cloud security is a plus.
Knowledge of container security is a plus.
Knowledge of DevSecOps and security tools in CI/CD is a plus.
OSCP, OSWE, AWS Certified Security, Google Professional Cloud Security Engineer, and CREST certifications is a plus.
Experience with a tech or financial services company is a plus.

Perks:

Wellness Boost: Resources for physical and mental well-being.
Customized Benefits: Tailor your benefits with our flexible plan.
Growth Opportunities: Unlock your potential through clear progression paths.
Skill Development: Access training resources for personal and professional growth.
Volunteer Time Off: Paid time off to make a difference through volunteering.
Family Support: Paid Family Care Leave and Flexible Benefits for family needs.

12 skills required

12 skills required for this role

Add these skills to join the top 1% applicants for this job

ci-cd

wireshark

burp-suite

cloud-security

azure

aws

linux

cryptography

nmap

oops

innovation

ethical-hacking

Job Details

What We Do

Coda delivers commerce solutions that accelerate global growth for our partners. With over a decade of experience, we’re trusted by 300+ publishers—including Activision, Bigo, Electronic Arts, Moonton, and Riot Games—to grow their revenue and audiences worldwide.

Our suite of solutions includes Custom Commerce, a fully customizable web store; Codapay, enabling seamless direct payments through API integration on publishers’ websites; Codashop, the go-to marketplace for millions of gamers to purchase in-game content; and Distribution, extending Codashop content through our network of trusted commerce partners.

Headquartered in Singapore with a team of 400+ Codans, Coda has been recognized as an industry leader, named an APAC High Growth Company (2023) by Financial Times, one of Granite Asia’s NextGenTech 30 (2024), a payments leader on Fortune’s Fintech Innovation Asia list (2024), and listed among The Straits Times Fastest Growing Fintechs (2024).

For more on how Coda helps publishers grow faster and smarter, visit coda.co.

Conduct system vulnerability scanning to identify infrastructure vulnerabilities in networks, systems, middleware and databases.
Able to execute manual penetration testing and techniques to concentrate on business logic flaws and weaknesses exploitable by automated tools and scripts.
Design the secure software development lifecycle to define the security requirements, control gates and go-live criteria.
Develop threat modelling to perform a systematic analysis of weak areas or gaps from an attacker's perspective.
Review and integrate security principles into the application design and concepts at the requirement gathering and design review stage.
Define the operational processes for static and dynamic code analysis tools by integration into the CI/CD pipelines.
Perform security review of source code and advise the developers in the area of input validation, authentication management, session management, access control, cryptography, error handling, secure file management, memory management and data protection.
Perform vulnerability risk assessments to evaluate the likelihood and impacts of each vulnerability identified.
Conduct manual verifications of vulnerabilities to reduce false positives and enhance the remediation efforts by shortening the remediation time frames.
Manage the remediation lifecycle with a risk-based approach to ensure all vulnerabilities are remediated according to acceptable industry standards.
Manage the end-to-end process of handling externally reported vulnerabilities.

Requirements

Total experience of 5-7 years in cyber security.
At least 3 years of experience in the areas of bug bounty, penetration testing and vulnerability assessment
At least 2 years of experience in the area of vulnerability management
At least 2 years of experience in the area of software development and scripting is a plus
Familiarity with security tools such as Burp Suite, Wireshark, Tenable, NMap, SQLMap, Kali Linux
Knowledge of programming and scripting languages and reviewing source code is a plus
Knowledge of cloud security is a plus
Knowledge of container security is a plus
Knowledge of DevSecOps and security tools in CI/CD is a plus
OSCP, OSWE, AWS Certified Security - Specialty, Google Professional Cloud Security Engineer, Microsoft Certified: Azure Security Engineer Associate, GPEN, and/or CREST certification is a plus
Experience with a tech or financial services company is a plus

Working at Coda

With Codans spread across over 20 countries worldwide, our fast-paced, challenging, and highly collaborative environment breaks down time zones and cultural barriers, empowering you to chase innovative ideas, contribute to Coda’s growth, and make a lasting impact.

If you have a passion for pushing boundaries and thrive on continuous improvement through experimentation, we would love to hear from you!

Our Perks*

Wellness Boost: Stay healthy with resources for physical and mental well-being with our flexible benefits and Employee Well-being Program - because you matter!

Customized Benefits: Tailor your benefits with our flexible plan.

Growth Opportunities: Unlock your potential through clear progression paths.

Skill Development: Access training resources to fuel your personal and professional growth.

Volunteer Time Off: Enjoy paid time off to make a difference in the world through volunteering.

Family Support: Take advantage of paid Family Care Leave to bond with your family, while our selected Flexible Benefits also cater to your family's needs.

*Benefits are reviewed and updated on a yearly basis

We are proud to be an equal opportunity employer, embracing the unique qualities of every individual, regardless of gender, race, age, religion, disability, or other local protected classes. Our goal is to foster an inclusive environment where everyone feels welcome and valued.

Due to the large number of exceptional applications we receive, we can only reach out to shortlisted candidates. If you don't hear from us, rest assured there may be another opportunity at Coda that aligns better with your unique abilities. Remember to check our Careers Page for more exciting job openings!