Product Security Specialist

• Hybrid working Environment
• Global Team

About Our Client

The company is a large organization providing financial services in the global market. They are renowned for their innovative approach and commitment to the highest standards of integrity, quality, and professionalism.

Job Description

• Embed security into the Software Development Life Cycle (SSDLC), ensuring the adoption of secure design, coding, and testing practices.
• Conduct SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and Open Source Security (OSS) assessments to identify and remediate vulnerabilities.
• Perform penetration testing and Open-Source Intelligence (OSINT) investigations to uncover security weaknesses.
• Leverage OWASP methodologies and frameworks to improve security postures.
• Ensure compliance with global security frameworks (e.g., GDPR, ISO 27001, NIST, SOC 2, CAIQ) and assess their impact on data protection.
• Actively contribute to security initiatives, collaborating with developers, DevOps engineers, and product managers to drive secure development practices.
• Investigate emerging technologies to enhance product security.
• Build a strong communication methodology to ensure effective communication to key stakeholders.
• Manage projects to timeframes.
• Operationalise and enhance our Penetration Testing as a Service (PTaaS) and Cookie management platforms, working with product leads.
• Challenge, validate, and support proposed solutions/designs.
• Work with Project Managers to identify, understand and proactively mitigate potential issues.
• Report & escalation of concerns & issues and develop necessary plans to mitigate any risks.
• Work closely with client facing resources to ensure potential issues are understood and action taken.

The Successful Applicant

• Experience in Cloud Security and securing cloud environments.
• Knowledge of Container Security, including Kubernetes and Docker hardening practices.
• Understanding of Security Architecture principles and best practices.
• Experience with Azure DevOps, GitHub security controls, and common CI/CD security practices and pipelines.
• Proficiency with security tools such as BurpSuite, Kali Linux, and other security testing platforms.
• Ability to stay ahead of evolving threats and integrate security into emerging technologies.
• Experience building relationships and gaining credibility with all levels of an organisation.
• Demonstrated experience with working with diverse operational teams.
• Strong working knowledge of Microsoft 365 applications and general technical literacy.
• Experience in operational, process, and performance improvement projects and programmes including process mapping and process re-design.
• Self-organization / time management.
• Strong Communication skills: presents and communicates effectively.
• Ideally 2+ years of Security Consultancy/DevOps or SSDLC experience working within or alongside a development team, with a track record of analysing and implementing security enhancements.
• Ideally 4+ years of experience in a security testing function, with a proven ability to analyse and interpret vulnerability reports and prioritise actions to minimise risk.

What's on Offer

• Salary range: MYR 60,000 - MYR 108,000 per annum.
• Hybrid work environment.
• Continuous learning opportunities.
• Dynamic and inclusive company culture.
• Generous holiday leave.

We invite you to join our team as we continue to create an incredible future together.