This is an exciting & challenging role in Lazada Group Security Governance & Architecture team that offers great opportunity to work on cross functional and regional security project initiatives. In this role, you will work closely with the tech & product teams to trained them to implement & automate the application security solutions defined by the group and also discover the security requirements & solutions for the complex technical & business problems in fast changing environment. This is role requires a mix of technical capabilities as well as the know-how to provide application security solutions over complex applications and projects while also having the ability to articulate complex security concepts to business personnel and non-security personnel.
• Work with tech teams on secure software development lifecycle in cultivating a “secure by design” culture on application development within the organization. • Provide security oversight and guide development & tech teams to ensure that security requirements are embedded in the code. • Coordinate with global application security team and automate security processes within the SDLC and implement security tooling based on enterprise strategy • Provide training to the developers on secure software development lifecycle from design to automated security testing using demos and helping out with security test automation • Incorporate and enforce effective security controls & solutions without slowing down speed of deployment • Work closely with developers reviewing security requirements, help them in automated security scans of source code in development, guide them in implementing established enterprise security solutions and optimize the security rules to reduce false positives and false negatives in automated scanning. • Prepare security training programs for tech teams and train Security Champions and be as a second line of support
• Bachelor’s degree in Computer Science or equivalent.
• Minimum 5 year’s experience in application security or secure software development lifecycle, SDL or OWASP SAMM • Prior experience in developing applications, with one of the languages (Java/Python/Go/Node) is desired • Prior experience with white-box, web black-box code scanning, or RASP is desired • Ability to pull a diverse group of individuals with different goals together and facilitate productive discussions driving towards results. • Experience in identifying solutions for complex problems in enterprise environments. • Security certifications are highly beneficial (i.e. CISSP, CSSLP, CCSP, GWEB) • Singaporeans preferred