Security Engineer/Penetration Tester (SG)

Requirements

• OSCP (or equivalent, such as CREST) is a MUST. We know being certified doesn’t mean you are good, but at least it shows you have the baseline knowledge and are willing to try harder. In an increasingly regulated industry, certifications further prove our team’s expertise - in fact we have nearly 100 certifications just within the application security/DevSecOps team.
• You are expected to know application security frameworks like OWASP Top 10 inside out and beyond, and with a very strong security sense around business/financial logic flaws
• At least 2 years of experience in Web API testing, use BurpSuite like a Pro and be able to spot suspicious request/response parameters out of intuition 
• Preferable: full-stack approach to application security with understanding on how front-ends and back-ends communicate; how modern applications are developed and deployed in the cloud; and how to read code to understand what happens when the backend receives API requests (Java, Ruby, Elixir, JavaScript)
• Preferable: experience in communicating with development and product teams to effectively remediate application security issues
• Optional: Hands on experience on Mobile App testing, a good understanding of Jailbreaking/Rooting a device, API hooking, reverse engineering, de-obfuscation
• Optional: Good understanding of container related technologies and AWS services such as ECS, EKS, VPC, IAM, etc.
• Optional: Familiar with at least one scripting language and be able to implement some degree of automation
• Proficiency in both spoken and written English. Being able to speak Mandarin will be an advantage
• Willing to learn, energetic, adapt to changes. Have a positive attitude towards cryptocurrency