Lead Application Security Engineer
External
Encora10 · Kuala Lumpur, MalaysiaFull-timeOn-site1d ago
Application SecurityCI/CDGitHubGitHub ActionsGitLabGitLab CI
Prepare for this interview
EliteAI-generated questions, company research, and talking points tailored to this role
Responsibilities
- Threat Modeling: Lead design reviews for new banking features (Payments, Transfers,
- KYC). Identify logic flaws before code is written.
- Pipeline Automation: Architect and maintain the SAST/DAST/SCA tooling in the CI/CD
- pipeline (e.g., SonarQube, Snyk, GitLab CI) to block vulnerabilities automatically.
- Code Review: Perform manual code audits on high-risk components (Authentication,
- Ledger logic) in Java, Kotlin, or Swift.
- Cloud & AI Patterns: Deliver API, container, cloud, and AI security design patterns.
- Ensure that developers have "paved roads" (secure templates) for deploying
- microservices and AI models.
- Culture: Act as a mentor to the development team, running secure coding workshops and
- championing a "Security Champion" program.
- Technical Requirements:
- 5+ years in Application Security with a background in Software Development.
- Proficiency in at least one core language: Java (Spring Boot), Node.js, or Go.
- Deep understanding of OWASP Top 10 and SANS Top 25.
- Experience with CI/CD integration (Jenkins, GitHub Actions).
- Bonus: Experience in Fintech or Banking.
Benefits
Performance bonus
Your Match
How well this role fits your profile.
Company Intel
What employees say
Worked at encora10? Share your experience