Product Security Vulnerability Management Engineer
- Kuala Lumpur
- Tetap
- Sepenuh masa
We offer a flexible, hybrid working environment where you can balance work and life while maintaining a strong office team-based culture. We deliver on what we say, taking the development of our people seriously. We'll work with you to progress your success plan and provide opportunities to accelerate your career. On top of a competitive salary, our wellbeing days taking you to 25 days leave a year and a health contribution, you'll also be able to choose from a range of benefits to suit you. We're an organisation that likes to give back, so you'll also have three charity days allocated to support a cause that matters to you.Position Overview
We are seeking a motivated Product Security Vulnerability Management Engineer with 2-3 years of experience to support, manage, and contribute to our comprehensive product security program. This role will be instrumental in operating and enhancing our Application Security Testing Platform, supporting the Secure Software Development Lifecycle (SSDLC) Platform, and enabling DevSecOps integration across our development ecosystem. The position focuses on maintaining automated security testing across the entire product stack while learning to implement secure development practices throughout the organization and collaborating closely with development teams to embed security throughout the software development lifecycle.
The ideal candidate will have hands-on experience with automated security testing tools, DevSecOps practices, a solid foundation in product security principles, and be ready to take on increased responsibilities in vulnerability management, developer engagement, and security program optimization while continuing to develop their expertise in secure SDLC implementation and NIST framework alignment.Key ResponsibilitiesApplication Security Testing & Analysis
- Support the development and maintenance of testing orchestration processes to ensure seamless integration across multiple security tools
- Assist in maintaining and optimizing the unified security testing platform integration with development workflows
- Partner with development teams to integrate security testing into CI/CD pipelines and help reduce friction in security adoption
- Support DevSecOps integration and orchestration activities, including container security scanning and policy as code implementation
- Assist in maintaining pipeline security coverage and security gate automation across development workflows
- Contribute to container vulnerability metrics collection and policy compliance monitoring
- Support Infrastructure as Code (IaC) security scanning and compliance checks
- Create security-focused monitoring and logging solutions for production environments with senior team guidance
- Support threat modeling activities, security requirements generation, and secure architecture pattern implementation aligned with NIST Secure Software Development Framework
- Contribute to the operation and maintenance of the Secure Software Development Lifecycle (SSDLC) Platform
- Assist in ensuring security activities are integrated throughout the software development lifecycle
- Support security gate implementation and help track security gate pass rates
- Participate in architecture reviews and provide input on secure design patterns
- Contribute to security requirements coverage and documentation
- Track and report on key security metrics including vulnerability detection rates, false positive rates, and developer adoption metrics
- Maintain vulnerability findings database and ensure accurate tracking of remediation efforts
- Support mean time to remediation (MTTR) tracking and vulnerability aging metrics
- Generate unified security reports from multiple testing tools for stakeholders and management
- Monitor application security coverage and identify gaps in testing coverage across the application portfolio
- Work collaboratively with development teams to support remediation of high-priority vulnerabilities
- Support compliance efforts by ensuring alignment with NIST Cybersecurity Framework 2.0 controls
- Provide security guidance and training to developers on secure coding practices and vulnerability remediation
- Support developer onboarding security tools and processes, contributing to improved adoption rates
- Create and maintain developer-friendly documentation including integration playbooks and security guides
- Contribute to developer security enablement programs and security champion initiatives
- Support secure coding standards implementation and help track secure coding violations trends
- Assist in security knowledge assessment activities and training satisfaction measurement
- Identify opportunities to enhance the application security testing platform and reduce false positives
- Evaluate and assist in piloting new security tools and technologies to improve detection capabilities
- Contribute to security policy development and help establish security standards for application development
- Support incident response activities related to application security vulnerabilities
- Stay current with emerging threats and application security best practices through continuous learning
- Contribute to continuous improvement in security automation and tool efficiency
- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field
- 2-3 years of hands-on experience in product security, application security, DevSecOps, or related security roles
- Demonstrated experience with application security testing tools and methodologies
- Experience supporting product security programs or secure development initiatives
- Proficiency with SAST, DAST, and SCA tools
- Understanding of secure coding practices and common vulnerability types (OWASP Top 10, CWE Top 25)
- Experience with CI/CD integration and DevSecOps principles
- Familiarity with programming languages commonly used in enterprise environments (Python, Java, JavaScript, C#, etc.)
- Knowledge of web application security concepts and testing methodologies
- Basic understanding of threat modeling methodologies (STRIDE, PASTA)
- Familiarity with container security and cloud-native application security concepts
- Understanding of NIST frameworks including Cybersecurity Framework 2.0 and Secure Software Development Framework
- Experience with Infrastructure as Code (IaC) security scanning tools
- Knowledge of vulnerability management principles and practices
- Strong analytical and problem-solving abilities with attention to detail
- Excellent communication skills for collaborating with technical and non-technical stakeholders
- Ability to work in fast-paced, agile environments while maintaining security standards
- Project management capabilities for coordinating security initiatives across multiple teams
- Eagerness to learn and grow in product security expertise
- Passion for continuous learning and staying current with security trends
- Support improvement in mean time to detection (MTTD) for application vulnerabilities and maintain mean time to remediation (MTTR) below organizational targets
- Help maintain false positive rate below 5% across all testing types through tool tuning and process optimization
- Support achieving 95%+ developer adoption rate of security tools and processes
- Contribute to pipeline security coverage metrics and security gate automation rates
- Support achieving target percentages for projects with threat models and security requirements coverage
- Successful participation in and delivery of security training and guidance sessions with positive training satisfaction scores
- Effective support of development teams in remediation efforts with measurable improvement in vulnerability aging metrics
- Demonstrate contribution to security gate pass rates and policy compliance rates
- Demonstrated growth in product security knowledge and technical capabilities
- Active participation in identifying and implementing process improvements
- Contribution to comprehensive and user-friendly security documentation and guides with measurable impact on developer satisfaction