Web Application Security EngineerCXM • Malaysia, Malaysia
Web Application Security Engineer
CXM • Malaysia, Malaysia
3 days ago
Job descriptionIdentify security vulnerabilities through manual testing, automated scanning tools, and creative attack scenarios simulating real-world threat actors. Assess authentication mechanisms, authorization controls, input validation, session management, and business logic flaws across the application portfolio. Perform security assessments of the SD‑WAN infrastructure, focusing on proxy configurations, reverse proxy implementations, SSL / TLS termination points, and web application firewalls. Defensive Security (Blue Team Operations) Respond to security incidents affecting web applications, investigate suspicious activities, create root‑cause analyses, and implement corrective measures. Tune and optimize security controls, including WAF rules, proxy access controls, rate limiting configurations, and DDoS mitigation strategies. Purple Team Collaboration Work with blue team members post‑penetration tests to ensure monitoring systems can detect similar attacks. Facilitate knowledge transfer and help defenders understand attacker techniques, driving continuous improvement of the security program. Security Integration and Automation Enhance operational efficiency, freeing time for complex analysis and strategic initiatives. Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or related field; or equivalent practical experience. Minimum 3‑5 years of hands‑on experience in web application penetration testing and security assessment. Deep understanding of OWASP Top 10 vulnerabilities, common web application attack vectors, and remediation strategies. Practical experience with SD‑WAN technologies, forward proxies, reverse proxies (Nginx, HAProxy, Apache), and load balancers. Proficiency with Burp Suite Professional, OWASP ZAP, Nmap, Metasploit, and vulnerability scanning platforms. Strong scripting abilities in Python, Bash, or PowerShell; familiarity with JavaScript, PHP, Java, or .NET for code review. Experience with SIEM platforms, log analysis, incident response procedures, and threat‑hunting methodologies. Hands‑on experience configuring and tuning web application firewalls and deep packet inspections. Experience with cloud security (AWS, Azure, etc.) and container security (Docker, Kubernetes). API security testing (REST, GraphQL, SOAP) and mobile application security. Previous purple team experience or demonstrated ability to work across offensive and defensive functions. Excellent written and verbal communication skills for reporting, presentation, and stakeholder collaboration. Competitive compensation Medical coverage Gym allowance Company events Personal growth opportunities
Position Overview
We are seeking an experienced Web Application Security Engineer to join our team in a unique purple team capacity. This role represents a strategic blend of offensive penetration testing expertise and defensive blue team capabilities, with a specialized focus on securing our web applications and SD‑WAN network infrastructure. The successful candidate will be responsible for conducting comprehensive security assessments of our web applications while simultaneously strengthening our defensive posture across our complex proxy and reverse proxy architecture.
This position is ideal for a security professional who thrives at the intersection of offensive and defensive security, possesses deep technical knowledge of web application vulnerabilities, and understands the nuances of securing modern SD‑WAN environments. You will work collaboratively with development teams, network engineers, and operations staff to identify vulnerabilities, validate security controls, and drive continuous improvement in our security posture.
Core Responsibilities
- Offensive Security (Penetration Testing)
Conduct thorough and methodical penetration tests against web applications, APIs, and network infrastructure.
Monitor security events and analyze logs from WAF and proxy infrastructure.
Bridge offensive and defensive functions by designing and executing purple team exercises.
Develop automation scripts and tools to streamline repetitive security tasks (vulnerability scanning, configuration auditing, report generation).
Required Qualifications
Preferred Qualifications
Benefits
Additional Information
Seniority level : Mid‑Senior level
Employment type : Full‑time
Job function : Information Technology
Industries : IT Services and IT Consulting
#J-18808-Ljbffr
Create a job alert for this search
Application Engineer • Malaysia, Malaysia
Related jobs
Security Analyst
Rimini Street, Inc • Malaysia, Malaysia
Security Analyst page is loaded## Security Analystlocations : Remote Malaysiatime type : Full timeposted on : Posted Todayjob requisition id : R- • •About Rimini Street, Inc.Nasdaq : RMNI), a Rus...Show more
Last updated: 9 days ago • Promoted
Security Analyst
Rimini Street • Malaysia, Malaysia
Security Analyst – Rimini Street.We are looking for a Security Analyst to join our team in Malaysia (Remote).This role is based in Malaysia (Remote).
Nasdaq : RMNI), a Russell 2000® Company, is a glo...Show more
Last updated: 9 days ago • Promoted
DevSecOps and IAM - Principal Engineer
Fairview International School • Malaysia, Malaysia
Key member of the Senior Technical Committee for IT Security, representing IT Security within ISD Division and PayNet.Lead automation initiatives across various security functional areas and overse...Show more
Last updated: 30+ days ago • Promoted
Application Engineer
PSG, a Dover company • Malaysia, Malaysia
The Application Engineer is responsible for providing technical and sales support for the products of both industrial and Hydro.
He / she will develop and execute a strategy for providing technical an...Show more
Last updated: 30+ days ago • Promoted
Web3 Senior Security Engineer
Hyphen Connect • Malaysia, Malaysia
We are working with a decentralised exchange which looks to innovate on providing the best of CEXs and DEXs, focusing on building a safe, simple and scalable platform for trading.They differentiate...Show more
Last updated: 30+ days ago • Promoted
Senior Analyst, Information Security Engineering
FWD Group Management Holdings Limited • Malaysia, Malaysia
Senior Analyst, Information Security Engineering page is loaded## Senior Analyst, Information Security Engineeringlocations : Malaysia - KL Eco Citytime type : Full timeposted on : Posted Todayt...Show more
Last updated: 30+ days ago • Promoted
Software Engineer (Security Management Applications)
Shirlyn Technology • Malaysia, Malaysia
Global Security and Risk Management (GSRM).Our team of security professionals, innovators, and thought leaders leverage decades of expertise to drive large-scale transformations and ensure the secu...Show more
Last updated: 30+ days ago • Promoted
Application Engineer
EXFO • Malaysia, Malaysia
The Application Engineer is a seasoned technology sales / pre-sales professional with a techno-commercial mindset.This candidate should possess a strong knowledge of the end-to-end value chain from b...Show more
Last updated: 30+ days ago • Promoted
SOC Manager
Confidential • Malaysia
We are seeking an experienced and highly capable Security Operations Center (SOC) Manager to lead our combined Information Technology (IT) and Operational Technology (OT) security monitoring and in...Show more
Last updated: 15 days ago • Promoted
Application Specialist
Biomed Global • Malaysia, Malaysia
Salary Range MYR 4,000 - 4,999.Provide scientific and technical support in pre & post sales activity.Plan and execute educational programs for a range of medical product (CME, User Training, Worksh...Show more
Last updated: 30+ days ago • Promoted
Application Developer
Businessperformance • Malaysia, Malaysia
Primarily responsible in development of Business Intelligence Application, either in the area of database, web and business intelligence.
Data Warehousing, Data Management, Business Intelligence or ...Show more
Last updated: 30+ days ago • Promoted
Security Architect
GraceMark Solutions • Malaysia, Malaysia
Be among the first 25 applicants.Malaysia (Flexible Work Options Available).Our client is a global leader in digital security and performance solutions, supporting billions of users worldwide.With ...Show more
Last updated: 3 days ago • Promoted
Google SecOps Security Architect
Sii Poland • Malaysia, Malaysia
Google SecOps Security Architect.We are looking for an experienced Security Architect with strong expertise in Google SecOps (formerly Google Chronicle) to lead and support our SIEM Transformation ...Show more
Last updated: 5 days ago • Promoted
Security Engineer
CDN5 • Malaysia, Malaysia
Implement and maintain website security measures to protect against cyber threats.Conduct penetration testing and vulnerability assessments to identify and mitigate security risks.Monitor and respo...Show more
Last updated: 30+ days ago • Promoted
Cybersecurity Engineer
Mindvalley • Malaysia, Malaysia
Mindvalley is seeking a Cybersecurity Engineer to strengthen the overall security posture of our platforms, endpoints, cloud services, and applications.
This role goes beyond traditional AppSec — yo...Show more
Last updated: 30+ days ago • Promoted
Software Application Engineer
Applied Materials, Inc. • Malaysia, Malaysia
Key Responsibilities • • • Creates, plans, and performs a variety of software analysis, design, development, code, code review, documentation, integration, test and product assurance tasks.Contributes...Show more
Last updated: 9 days ago • Promoted
Utilities Engineer
Lonza • Jerantut, Pahang, Malaysia
Today, Lonza is a global leader in life sciences operating across five continents.While we work in science, there’s no magic formula to how we do it.
Our greatest scientific solution is dedicated in...Show more
Last updated: 19 days ago • Promoted
Senior Engineer, Product Security Engineering
Dell Technologies • Malaysia, Malaysia
As a Security Review Consultant, you will be responsible for performing security reviews on firewall change requests, proxy change requests, third-party access requests.
You will also review the cap...Show more
Last updated: 30+ days ago • Promoted