Lead Application Security Engineer
Kuala Lumpur - Malaysia
Job Summary
Key Responsibilities:
Threat Modeling: Lead design reviews for new banking features (Payments Transfers
KYC). Identify logic flaws before code is written.
Pipeline Automation: Architect and maintain the SAST/DAST/SCA tooling in the CI/CD
pipeline (e.g. SonarQube Snyk GitLab CI) to block vulnerabilities automatically.
Code Review: Perform manual code audits on high-risk components (Authentication
Ledger logic) in Java Kotlin or Swift.
Cloud & AI Patterns: Deliver API container cloud and AI security design patterns.
Ensure that developers have paved roads (secure templates) for deploying
microservices and AI models.
Culture: Act as a mentor to the development team running secure coding workshops and
championing a Security Champion program.
Technical Requirements:
5 years in Application Security with a background in Software Development.
Proficiency in at least one core language: Java (Spring Boot) or Go.
Deep understanding of OWASP Top 10 and SANS Top 25.
Experience with CI/CD integration (Jenkins GitHub Actions).
Bonus: Experience in Fintech or Banking.
Required Experience:
IC
About Company
As Encora Inc. expands its footprint in Latin America, its acquisition of Nearsoft provides our clients with a unique chance to Nearshore on a global scale.