533 Web Application Security jobs in Singapore

MINDEF

Permanent

Closing on 21 Sep 2025

What the role is

You will play a pivotal role in safeguarding Singapore's defence and security interests by conducting comprehensive Penetration Testing (PT), Vulnerability Assessments (VA), and Source Code Security Reviews on IT assets, including infrastructure, web applications, and military applications.

What you will be working on

• Conduct comprehensive Penetration Testing (PT), Vulnerability Assessments (VA), and Source Code Security Reviews on IT assets, including infrastructure, web applications, and military applications
• Develop tailored security assessment tools and scripts to enhance testing capabilities and address evolving threat vectors
• Document findings, conduct analysis, and prepare detailed technical reports, including executive summaries for various stakeholders
• Collaborate with security engineers, developers, and other stakeholders to provide actionable guidance on remediating identified security risks and vulnerabilities
• Provide expertise in the design and implementation of security controls across applications, infrastructure, and network systems
• Develop and deliver specialised training and awareness programs to elevate the cybersecurity capabilities of the SAF personnel, with opportunities for growth in leadership and knowledge-sharing in the military cybersecurity context
• Maintain up-to-date knowledge of emerging threats, security best practices, and industry-standard frameworks
  Challenge(s)
• Maintaining consistent quality under time pressure
• Quickly learning and troubleshooting various tools and platforms

What we are looking for

• Education in Information Security, Computer Science, IT or a related field
• Industry-recognised certifications such as CREST CRT, GPEN, or OSCP
• At least 1 year of hands-on experience in conducting PT and VA, with a strong preference for experience in military or government-focused penetration testing
• Experience conducting security assessments on application infrastructure, networks, and cloud-based systems
• Strong understanding of web application, infrastructure, and network security architecture
• Excellent communication and presentation skills, with a focus on conveying complex security findings to both technical and non-technical stakeholders
• Ability to work independently and collaboratively within cross-functional teams
• Highly analytical, self-driven, and committed to continuous learning and skill enhancement
• Proficiency in scripting languages, such as Python, PowerShell, JavaScript, VBScript, Ruby, or Perl
• Track record of identifying and disclosing vulnerabilities or recognition in Capture-The-Flag (CTF) competitions
• Proficiency with tools such as BurpSuite, Metasploit, Nexpose, Nessus, and other industry-standard penetration testing and vulnerability assessment tools
  Appointment will be commensurate with your experience.
  Only shortlisted candidates will be notified.

About MINDEF

The mission of MINDEF and the Singapore Armed Forces is to enhance Singapore's peace and security through deterrence and diplomacy, and should these fail, to secure a swift and decisive victory over the aggressor.
The Defence Executive Officer (DXO) scheme is the non-uniformed career scheme of MINDEF that offers myriad opportunities in various job functions, such as corporate communications, cyber security, data analytics and visualisation, defence policy, finance, HR, psychology, and more. Embodying the same level of commitment towards defence, DXOs work together with their military counterparts to contribute to MINDEF/SAF's mission and ensure Singapore's security and stability. United by this common cause, our lines of defence complement each other to secure the prosperity and progress of our nation.

About your application process

This job is closing on 21 Sep 2025.

If you do not hear from us within 4 weeks of the job ad closing date, we seek your understanding that it is likely that we are not moving forward with your application for this role. We thank you for your interest and would like to assure you that this does not affect your other job applications with the Public Service. We encourage you to explore and for other roles within MINDEF or the wider Public Service.

Job Description:

⦁ Overall Security solution Architect with 8 yrs of experience

⦁ Azure Certification, Security Specialty

⦁ Shall possess the necessary skills, knowledge and experience in the following areas:

⦁ Security management frameworks and governance.

⦁ Security risk analysis and management.

⦁ Security incident response and management; and

⦁ Technical expertise in Solution's platforms and technologies.

1. The Application Security Engineer shall have at least a Diploma in Computer Studies, or related discipline, and three (3) years' experience as a Software Developer or Application Security Engineer.

2. The Application Security Engineer's experience should include experience in identifying security risks, analyzing application vulnerabilities, and directing solutions for remediations. Relevant certifications such as "Certified Secure Software Lifecycle Professional" would be advantageous.

Job Type: Full-time

Pay: From $8,500.00 per month

What the role is

We are seeking an experienced Application Security Engineer to be part of the Platforms Architecture & Engineering (PAE) and strengthen our organisation's security posture by implementing robust security measures throughout our software development lifecycle. The ideal candidate will work closely with development teams and operation teams to ensure security is embedded in our applications from design to deployment.

What you will be working on

In this position, you will:

• Conduct security assessments, threat modelling, and code reviews to identify vulnerabilities in applications
• Design and implement security controls, authentication mechanisms, and encryption solutions
• Develop and maintain secure coding guidelines and security standards
• Collaborate with development teams to remediate security issues and provide guidance on secure coding practices
• Conduct security awareness training sessions for development teams
• Monitor and respond to security incidents related to application vulnerabilities
• Evaluate and implement security tools and technologies
• Maintain documentation of security processes and procedures

What we are looking for

• Bachelor's degree in Computer Science, Information Security, or related field
• At least 3 years of experience in application security or software development with security focus
• Strong knowledge of secure coding practices and OWASP Top 10 vulnerabilities
• Proficiency in common programming languages (e.g., .Net Core, Java, Python, JavaScript)
• Experience with security testing tools and methodologies
• Understanding of cryptography, authentication, and authorisation protocols
• Knowledge of common security frameworks and standards (ISO 27001, NIST, etc.)
• Security certifications (CISSP, CEH, OSCP, or equivalent)
• Experience with cloud security (AWS, Azure, GCP)
• Knowledge of DevSecOps practices and tools
• Familiarity with containerisation and microservices security
• Strong analytical and problem-solving abilities
• Excellent communication and collaboration skills
• Experience with security incident response

As part of the shortlisting process for this role, you may be required to complete a medical declaration and/or undergo further assessment.

This is a 2-Year Contract. All applicants will be notified on whether they are shortlisted or not within 4 weeks of the closing date of this job posting.

Qualifications
At least a Diploma in Computer Studies or related disciplines.
Possession of relevant professional certification would be advantageous.
At least two (2) years of relevant working experience in the following skillsets.
Skills
Experience in managing source code review, Vulnerability Assessment, and Penetration Testing (VAPT) with familiarity in remediating security vulnerabilities (e.g., OWASP Top 10 web apps vulnerabilities).
Security Tool usage.
Web Inspect tools.
Seniority Level
Not Applicable
Employment Type
Contract
Job Function
Public Health
Referrals increase your chances of interviewing at Tata Consultancy Services by 2x
#J-18808-Ljbffr

Join to apply for the
Senior Application Security Engineer
role at
Acronis
Acronis is revolutionizing cyber protection—providing natively integrated, all-in-one solutions that monitor, control, and protect the data that businesses and lives depend on.
We are looking for a Senior Application Security Engineer to join our mission to create a #CyberFit future and protect all data, applications and systems across any environment. The application security team works to make Acronis applications more secure against all kinds of threats. You will work with good guys on responsible disclosure, find security bugs before bad guys do it, change development processes to prevent bugs, monitor attacks and respond, and create novel solutions to detect and protect applications.
What You’ll Do
Threat modeling: Think about how attackers can compromise a system and what protections are needed.
Secure Software Development Lifecycle: Help developers write secure code that minimizes vulnerabilities by implementing secure coding standards, techniques, and best practices.
Security code reviews: Identify security vulnerabilities in source code before an application is deployed to production.
Vulnerability testing and analysis: Discover weaknesses once an application is deployed and advise development teams on remediation.
Conduct security assessments for software components developed in the company.
Validate external security reports and bug bounty submissions.
Take part in the SLDC process development and implementation.
Conduct post-mortem reviews of application security bugs.
Consult engineers on application security matters and train them on secure development practices.
What You Bring
Understanding of security models of Web/REST API, cloud, mobile and desktop apps.
Hands on experience with security assessment tools and attack techniques.
Code assessments in programming languages Go, Python, Ruby, C/C++, JavaScript. Basic programming skills with Go, Python or another language will come handy.
Strong communication skills.
2+ years in Application Security.
Strong knowledge of the modern web, mobile, and network security.
Published security research, open source tools, blog posts, proven history of bug bounty programs participation considered a strong advantage.
Please be ready to answer in an interview the following questions:
What is the Same Origin Policy? Share your knowledge about Cross-site scripting contexts.
Describe any attack like SQL injection, XXE, SSRF, or any other. Suggest right fixes and possible bypasses.
(Windows Security) Your opinion about LPE from Admin to the System user.
How to count possible compromised accounts?
Be ready to write a simple exploit or a few lines of code that allows checking some kind of attacking vector.
Who We Are
Acronis is a global cyber protection company that provides natively integrated cybersecurity, data protection, and endpoint management for managed service providers (MSPs), small and medium businesses (SMBs), enterprise IT departments and home users. Our all-in-one solutions are highly efficient and designed to identify, prevent, detect, respond, remediate, and recover from modern cyberthreats with minimal downtime, ensuring data integrity and business continuity. We offer the most comprehensive security solution on the market for MSPs with our unique ability to meet the needs of diverse and distributed IT environments.
Interview Practices
To maintain a fair and genuine hiring process, we kindly ask that all candidates participate in interviews without the assistance of AI tools or external prompts. Our interview process is designed to assess your individual skills, experiences, and communication style. We value authenticity and want to ensure we’re getting to know you—not a digital assistant. To help maintain this integrity, we ask to remove virtual backgrounds and include in-person interviews in our hiring process.
Acronis is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, marital status, national origin, physical or mental disability, medical condition, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, gender identity or expression, or any other characteristic protected by applicable laws, regulations and ordinances.
#J-18808-Ljbffr

Please note that the application process will be managed on our partner website, Workday, which will require you to log in or create an account.
Acronis is revolutionizing cyber protection—providing natively integrated, all-in-one solutions that monitor, control, and protect the data that businesses and lives depend on. We are looking for a Senior Application Security Engineer to join our mission to create a #CyberFit future and protect all data, applications and systems across any environment.
People entrust Acronis with their data. We are responsible for keeping it safe and this constitutes the essence of the application security researcher job. The application security team works to make Acronis applications more secure against all kinds of threats. You will work with good guys on their responsible disclosure. You will find security bugs before bad guys do it. Together with the development team, you'll change development processes and practices to ensure that such kinds of bugs will never appear in our code again. You will monitor the attacks and respond to them. You will create novel solutions to detect and advanced approaches to protect applications.
WHAT YOU'LL DO
Threat modeling: Think about how attackers can compromise a system and what protections are needed against them
Secure Software Development Lifecycle: Help developers write secure code that minimizes vulnerabilities by implementing secure coding standards, techniques, and best practices
Security code reviews: Identify security vulnerabilities in source code before an application is deployed to production
Vulnerability testing and analysis: Discover weaknesses once an application is deployed and advise development teams on remediation
Conduct security assessments for software components developed in the company.
Validate external security reports and bug bounty submissions.
Take part in the SLDC process development and implementation.
Conduct post-mortem reviews of application security bugs.
Consult engineers on application security matters, train them on secure development practices.
WHAT YOU BRING
Understanding of security models of Web/REST API, cloud, mobile and desktop apps.
Hands on experience with security assessment tools and attack techniques. You should be able to go well beyond inserting a quote in URLs.
Code assessments in programming languages Go, Python, Ruby, C/C++, JavaScript. Basic programming skills with Go, Python or another language will come handy.
Strong communication skills.
2+ years in Application Security
Strong knowledge of the modern web, mobile, and network security
Published security research, open source tools, blog posts, proven history of bug bounty programs participation considered a strong advantage.
Please be ready to answer in an interview the following questions:
What is the Same Origin Policy? Share your knowledge about Cross-site scripting contexts
Describe any attack like SQL injection, XXE, SSRF, or any other. Suggest right fixes and possible bypasses
(Windows Security) Your opinion about LPE from Admin to the System user
How to count possible compromised accounts?
Be ready to write a simple exploit or a few lines of code that allows checking some kind of attacking vector
Please submit your resume and application in English
WHO WE ARE
Acronis is a global cyber protection company that provides natively integrated cybersecurity, data protection, and endpoint management for managed service providers (MSPs), small and medium businesses (SMBs), enterprise IT departments and home users. Our all-in-one solutions are highly efficient and designed to identify, prevent, detect, respond, remediate, and recover from modern cyberthreats with minimal downtime, ensuring data integrity and business continuity. We offer the most comprehensive security solution on the market for MSPs with our unique ability to meet the needs of diverse and distributed IT environments.
A Swiss company founded in Singapore in 2003, Acronis offers over twenty years of innovation with 15 offices worldwide and more than 1800 employees in 50+ countries. Acronis Cyber Protect is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.
Our corporate culture is focused on making a positive impact on the lives of each employee and the communities we serve. Mutual trust, respect and belief that we can contribute to the world everyday are the cornerstones of our team.Each member of our “A-Team” plays an instrumental role in driving the success of our innovative and expanding business. We seek individuals who excel in dynamic, global environments and have a never give up attitude, contributing to our collective growth and impact.
Our Interview Practices
To maintain a fair and genuine hiring process, we kindly ask that all candidates participate in interviews without the assistance of AI tools or external prompts. Our interview process is designed to assess your individual skills, experiences, and communication style. We value authenticity and want to ensure we’re getting to know you—not a digital assistant. To help maintain this integrity, we ask to remove virtual backgrounds and include in-person interviews in our hiring process.
Use of AI-generated responses or third-party support during live interviews may be grounds for disqualification from the recruitment process and a full criminal, education and identification background check is required for all new hires.
Acronis is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, marital status, national origin, physical or mental disability, medical condition, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, gender identity or expression, or any other characteristic protected by applicable laws, regulations and ordinances.
Please note that the application process will be managed on our partner website, Workday, which will require you to log in or create an account.
#J-18808-Ljbffr

Overview
Application Security Engineer - Global Payment role at ByteDance. The Security Assurance Team builds infrastructures, platforms and technologies to protect users, products and infrastructure, collaborating with cross-functional teams on secure-by-design solutions at scale.
Responsibilities
Provide security engineering support to product teams to help identify potential security flaws in the early stages of SDLC.
Continuously design and conduct penetration testing to determine if infrastructure components, systems and applications meet security standards in staging/production environments.
Identify security issues under new threat scenarios, support incident response and forensics, and drive remediation in a cross-functional environment toward incident resolution.
Collaborate with other security teams and product teams to design defense-in-depth controls that limit attackers’ ability and improve security postures.
Identify risks and take ownership to resolve potential security project issues.
Continuously conduct security research and strive to innovate.
Qualifications
Minimum Qualifications
Background in Computer Science, Computer Engineering, Information Systems or other STEM disciplines.
Strong knowledge in web application security, mobile app security, cloud security and thick client security.
Experience in writing and reviewing code in at least one of: JavaScript (Node.js), Go, Python, Java, C++, Rust.
Good project management skills and focused teamwork.
Preferred Qualifications
Experience independently supporting the application security of a business line.
CTF players, BugBounty experience with reputable statistics on HackerOne, BugCrowd, etc.
About Us
Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With products including TikTok, Lemon8, CapCut and Pico, and platforms in China such as Toutiao, Douyin, and Xigua, ByteDance connects people to content in meaningful ways.
Why Join ByteDance
We pursue creativity through innovative products that help people express themselves, discover, and connect. Our global, diverse teams aim to create value for communities and users. We foster curiosity, humility, and impact with an "Always Day 1" mindset.
Diversity & Inclusion: ByteDance is committed to an inclusive space where employees are valued for their skills and perspectives. We celebrate diverse voices and strive to reflect the communities we reach.
Note: This listing is for the Global Payment role; other related Application Security Engineer roles and details may be listed separately.
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr

About Us

Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok, Lemon8, CapCut and Pico as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content.

Why Join ByteDance

Inspiring creativity is at the core of ByteDance's mission. Our innovative products are built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and enrich life - a mission we work towards every day.

As ByteDancers, we strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our Company, and our users. When we create and grow together, the possibilities are limitless. Join us.

Diversity & Inclusion

ByteDance is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At ByteDance, our mission is to inspire creativity and enrich life. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

About the Team

As part of ByteDance's Security Department, Security BP team is not only responsible for the security and risk management of the Monetization business, but also plays an important role in connecting and building trust between the business and security team. Leveraging on various capabilities provided by the Security Department, we ensure the business and customer data are secured by providing high-quality services to the Monetization business, such as platform security, product security, business security and compliance governance.

Responsibilities

- Provide security engineering support to product teams to help identify potential security flaws in the early stages of SDLC.

- Continuously design and conduct penetration testing to determine if infrastructure components, systems and applications meet security standards in the staging/production environment.

- Discover security issues that appear under new threat scenarios, support incident response, forensics, remediation in a cross-functional environment driving towards incident resolution.

- Collaborate closely with other parts of the security team and product teams to design defense-in-depth controls that limit attackers' ability and improve our security postures.

- To identify risks and actively take ownership to resolve any potential security project issues.

- Continuously conduct security research and strive to innovate.

Minimum Qualifications

- Background in Computer Science, Computer Engineering, Information Systems or other STEM disciplines.

- Strong knowledge in some of these various disciplines: web application security, mobile app security, cloud security and thick client security.

- Solid experience in writing and reviewing code in at least one of the following programming languages: JavaScript (Node JS), Go, Python, Java, C++, Rust.

- Good project management skills and focused teamwork.

Preferred Qualifications

- Experience in independent supporting the application security of a business line

- CTF players, BugBounty experience with reputable statistics in HackerOne, BugCrowd etc.

Application Security Engineer- Global E-Commerce
5 days ago Be among the first 25 applicants
About the Team
As part of ByteDance's Security Department, Security BP team is not only responsible for the security and risk management of the Monetization business, but also plays an important role in connecting and building trust between the business and security team. Leveraging on various capabilities provided by the Security Department, we ensure the business and customer data are secured by providing high-quality services to the Monetization business, such as platform security, product security, business security and compliance governance.
Responsibilities
Provide security engineering support to product teams to help identify potential security flaws in the early stages of SDLC.
Continuously design and conduct penetration testing to determine if infrastructure components, systems and applications meet security standards in the staging/production environment.
Discover security issues that appear under new threat scenarios, support incident response, forensics, remediation in a cross-functional environment driving towards incident resolution.
Collaborate closely with other parts of the security team and product teams to design defense-in-depth controls that limit attackers' ability and improve our security postures.
To identify risks and actively take ownership to resolve any potential security project issues.
Continuously conduct security research and strive to innovate.
Qualifications
Minimum Qualifications
Background in Computer Science, Computer Engineering, Information Systems or other STEM disciplines.
Strong knowledge in some of these various disciplines: web application security, mobile app security, cloud security and thick client security.
Solid experience in writing and reviewing code in at least one of the following programming languages: JavaScript (Node JS), Go, Python, Java, C++, Rust.
Good project management skills and focused teamwork.
Preferred Qualifications
Experience in independent supporting the application security of a business line.
CTF players, BugBounty experience with reputable statistics in HackerOne, BugCrowd etc.
#J-18808-Ljbffr