Talent.com
Web Application Security Engineer

Web Application Security Engineer

CXMMalaysia, Malaysia
1 hari lalu
Penerangan pekerjaan

Position Overview

We are seeking an experienced Web Application Security Engineer to join our team in a unique purple team capacity. This role represents a strategic blend of offensive penetration testing expertise and defensive blue team capabilities, with a specialized focus on securing our web applications and SD‑WAN network infrastructure. The successful candidate will be responsible for conducting comprehensive security assessments of our web applications while simultaneously strengthening our defensive posture across our complex proxy and reverse proxy architecture.

This position is ideal for a security professional who thrives at the intersection of offensive and defensive security, possesses deep technical knowledge of web application vulnerabilities, and understands the nuances of securing modern SD‑WAN environments. You will work collaboratively with development teams, network engineers, and operations staff to identify vulnerabilities, validate security controls, and drive continuous improvement in our security posture.

Core Responsibilities

  • Offensive Security (Penetration Testing)

Conduct thorough and methodical penetration tests against web applications, APIs, and network infrastructure.

  • Identify security vulnerabilities through manual testing, automated scanning tools, and creative attack scenarios simulating real-world threat actors.
  • Assess authentication mechanisms, authorization controls, input validation, session management, and business logic flaws across the application portfolio.
  • Perform security assessments of the SD‑WAN infrastructure, focusing on proxy configurations, reverse proxy implementations, SSL / TLS termination points, and web application firewalls.
  • Defensive Security (Blue Team Operations)

    • Monitor security events and analyze logs from WAF and proxy infrastructure.

  • Respond to security incidents affecting web applications, investigate suspicious activities, create root‑cause analyses, and implement corrective measures.
  • Tune and optimize security controls, including WAF rules, proxy access controls, rate limiting configurations, and DDoS mitigation strategies.
  • Purple Team Collaboration

    • Bridge offensive and defensive functions by designing and executing purple team exercises.

  • Work with blue team members post‑penetration tests to ensure monitoring systems can detect similar attacks.
  • Facilitate knowledge transfer and help defenders understand attacker techniques, driving continuous improvement of the security program.
  • Security Integration and Automation

    • Develop automation scripts and tools to streamline repetitive security tasks (vulnerability scanning, configuration auditing, report generation).

  • Enhance operational efficiency, freeing time for complex analysis and strategic initiatives.

    • Required Qualifications

  • Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or related field; or equivalent practical experience.
  • Minimum 3‑5 years of hands‑on experience in web application penetration testing and security assessment.
  • Deep understanding of OWASP Top 10 vulnerabilities, common web application attack vectors, and remediation strategies.
  • Practical experience with SD‑WAN technologies, forward proxies, reverse proxies (Nginx, HAProxy, Apache), and load balancers.
  • Proficiency with Burp Suite Professional, OWASP ZAP, Nmap, Metasploit, and vulnerability scanning platforms.
  • Strong scripting abilities in Python, Bash, or PowerShell; familiarity with JavaScript, PHP, Java, or .NET for code review.
  • Experience with SIEM platforms, log analysis, incident response procedures, and threat‑hunting methodologies.
  • Hands‑on experience configuring and tuning web application firewalls and deep packet inspections.

    • Preferred Qualifications

  • Experience with cloud security (AWS, Azure, etc.) and container security (Docker, Kubernetes).
  • API security testing (REST, GraphQL, SOAP) and mobile application security.
  • Previous purple team experience or demonstrated ability to work across offensive and defensive functions.
  • Excellent written and verbal communication skills for reporting, presentation, and stakeholder collaboration.

    • Benefits

  • Competitive compensation
  • Medical coverage
  • Gym allowance
  • Company events
  • Personal growth opportunities

    • Additional Information

    Seniority level : Mid‑Senior level

    Employment type : Full‑time

    Job function : Information Technology

    Industries : IT Services and IT Consulting

    #J-18808-Ljbffr

    Buat amaran kerja untuk carian ini

    Application Engineer • Malaysia, Malaysia

    Pekerjaan berkaitan
    • Dinaikkan pangkat
    Security Analyst

    Security Analyst

    Rimini Street, IncMalaysia, Malaysia
    Security Analyst page is loaded## Security Analystlocations : Remote Malaysiatime type : Full timeposted on : Posted Todayjob requisition id : R- • •About Rimini Street, Inc.Nasdaq : RMNI), a Rus...Tunjukkan lagiKemas kini terakhir: 7 hari yang lalu
    • Dinaikkan pangkat
    Security Analyst

    Security Analyst

    Rimini StreetMalaysia, Malaysia
    Security Analyst – Rimini Street.We are looking for a Security Analyst to join our team in Malaysia (Remote).This role is based in Malaysia (Remote). Nasdaq : RMNI), a Russell 2000® Company, is a glo...Tunjukkan lagiKemas kini terakhir: 7 hari yang lalu
    • Dinaikkan pangkat
    Web3 Senior Security Engineer

    Web3 Senior Security Engineer

    Hyphen ConnectMalaysia, Malaysia
    We are working with a decentralised exchange which looks to innovate on providing the best of CEXs and DEXs, focusing on building a safe, simple and scalable platform for trading.They differentiate...Tunjukkan lagiKemas kini terakhir: 30+ hari yang lalu
    • Dinaikkan pangkat
    Senior Analyst, Information Security Engineering

    Senior Analyst, Information Security Engineering

    FWD Group Management Holdings LimitedMalaysia, Malaysia
    Senior Analyst, Information Security Engineering page is loaded## Senior Analyst, Information Security Engineeringlocations : Malaysia - KL Eco Citytime type : Full timeposted on : Posted Todayt...Tunjukkan lagiKemas kini terakhir: 30+ hari yang lalu
    • Dinaikkan pangkat
    Senior Process Safety Engineer

    Senior Process Safety Engineer

    FLEXSYSPahangMalaysia, Pahang, Malaysia
    The Process Safety Engineer will provide Process Safety services and support Southern Asia.Most of the support will be for the Flexsys Kuantan Malaysia site where the engineer’s office will be loca...Tunjukkan lagiKemas kini terakhir: 30+ hari yang lalu
    • Dinaikkan pangkat
    Software Engineer (Security Management Applications)

    Software Engineer (Security Management Applications)

    Shirlyn TechnologyMalaysia, Malaysia
    Global Security and Risk Management (GSRM).Our team of security professionals, innovators, and thought leaders leverage decades of expertise to drive large-scale transformations and ensure the secu...Tunjukkan lagiKemas kini terakhir: 30+ hari yang lalu
    • Dinaikkan pangkat
    Application Engineer

    Application Engineer

    EXFOMalaysia, Malaysia
    The Application Engineer is a seasoned technology sales / pre-sales professional with a techno-commercial mindset.This candidate should possess a strong knowledge of the end-to-end value chain from b...Tunjukkan lagiKemas kini terakhir: 30+ hari yang lalu
    • Dinaikkan pangkat
    SOC Manager

    SOC Manager

    ConfidentialMalaysia
    We are seeking an experienced and highly capable Security Operations Center (SOC) Manager to lead our combined Information Technology (IT) and Operational Technology (OT) security monitoring and in...Tunjukkan lagiKemas kini terakhir: 13 hari yang lalu
    • Dinaikkan pangkat
    Technical Lead (Web Based)

    Technical Lead (Web Based)

    MpowertsMalaysia, Malaysia
    We are looking for a highly skilled technical personnel to lead a team of developers in implementing a new web based (and mobile) application from ground up. The technical lead is required to be tec...Tunjukkan lagiKemas kini terakhir: 30+ hari yang lalu
    Web Application Security Engineer

    Web Application Security Engineer

    CXM Direct LLCMY
    Quick Apply
    We are seeking an experienced Web Application Security Engineer to join our team in a unique purple team capacity.This role represents a strategic blend of offensive penetration testing expertise a...Tunjukkan lagiKemas kini terakhir: 5 hari yang lalu
    • Dinaikkan pangkat
    IT Security Lead

    IT Security Lead

    Monroe Consulting GroupMalaysia, Malaysia
    Monroe Consulting Group is partnering with a highly established Government-Linked Company (GLC) with a robust footprint in the consumer, logistics, and technology sectors.Our client is recognized f...Tunjukkan lagiKemas kini terakhir: 9 hari yang lalu
    • Dinaikkan pangkat
    Application Developer

    Application Developer

    BusinessperformanceMalaysia, Malaysia
    Primarily responsible in development of Business Intelligence Application, either in the area of database, web and business intelligence. Data Warehousing, Data Management, Business Intelligence or ...Tunjukkan lagiKemas kini terakhir: 30+ hari yang lalu
    • Dinaikkan pangkat
    Security Architect

    Security Architect

    GraceMark SolutionsMalaysia, Malaysia
    Be among the first 25 applicants.Malaysia (Flexible Work Options Available).Our client is a global leader in digital security and performance solutions, supporting billions of users worldwide.With ...Tunjukkan lagiKemas kini terakhir: 1 hari yang lalu
    • Dinaikkan pangkat
    Security Engineer

    Security Engineer

    CDN5Malaysia, Malaysia
    Implement and maintain website security measures to protect against cyber threats.Conduct penetration testing and vulnerability assessments to identify and mitigate security risks.Monitor and respo...Tunjukkan lagiKemas kini terakhir: 30+ hari yang lalu
    • Dinaikkan pangkat
    Cybersecurity Engineer

    Cybersecurity Engineer

    MindvalleyMalaysia, Malaysia
    Mindvalley is seeking a Cybersecurity Engineer to strengthen the overall security posture of our platforms, endpoints, cloud services, and applications. This role goes beyond traditional AppSec — yo...Tunjukkan lagiKemas kini terakhir: 30+ hari yang lalu
    • Dinaikkan pangkat
    Software Application Engineer

    Software Application Engineer

    Applied Materials, Inc.Malaysia, Malaysia
    Key Responsibilities • • • Creates, plans, and performs a variety of software analysis, design, development, code, code review, documentation, integration, test and product assurance tasks.Contributes...Tunjukkan lagiKemas kini terakhir: 7 hari yang lalu
    • Dinaikkan pangkat
    Utilities Engineer

    Utilities Engineer

    LonzaJerantut, Pahang, Malaysia
    Today, Lonza is a global leader in life sciences operating across five continents.While we work in science, there’s no magic formula to how we do it. Our greatest scientific solution is dedicated in...Tunjukkan lagiKemas kini terakhir: 17 hari yang lalu
    • Dinaikkan pangkat
    Senior Engineer, Product Security Engineering

    Senior Engineer, Product Security Engineering

    Dell TechnologiesMalaysia, Malaysia
    As a Security Review Consultant, you will be responsible for performing security reviews on firewall change requests, proxy change requests, third-party access requests. You will also review the cap...Tunjukkan lagiKemas kini terakhir: 30+ hari yang lalu