Embed Security in SDLC Through CI/CD, Testing, and Secure Coding
As an Application Security Engineer, you embed security into the software development lifecycle by integrating controls within CI/CD pipelines, conducting application security testing, and ensuring vulnerabilities are identified and remediated early. You work closely with development and DevOps teams to enforce secure coding practices and align applications with established security standards. This role offers a long-term global career with Emapta, designed for top 1% talent seeking continuous growth, technical depth, and a premium, high-performance environment.
Job Overview
Employment type: Full-time
Shift: Day shift, Flexible shift
Work setup: Hybrid, Kuala Lumpur, Malaysia
Exciting Perks Await!
- Hybrid work arrangement
- Day shift schedule
- Fixed weekends off
- Government benefits
- Eight (8) days annual leave
- Career growth opportunities
- Diverse and supportive work environment
- Unlimited upskilling through Emapta Academy courses (Want to know more? Visit: https://emapta.com/training-calendar/)
The Qualifications We Seek
- Currently based in Malaysia with the legal right to work in Kuala Lumpur (hybrid setup)
- Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience)
- Minimum 3+ years of hands-on experience in Application Security, DevSecOps, or Secure Software Development (non-negotiable)
- Proven experience embedding security into CI/CD pipelines (e.g., GitLab CI, Jenkins, Azure DevOps)
- Hands-on experience with application security testing tools: SAST (SonarQube, Fortify, Checkmarx), DAST (OWASP ZAP, Burp Suite), and SCA (Snyk, WhiteSource, OWASP Dependency-Check)
- Strong understanding of OWASP Top 10 and common web application vulnerabilities
- Experience identifying, prioritizing, and remediating vulnerabilities within the SDLC
- Practical knowledge of secure coding practices (JavaScript, Python, Java, or .NET)
- Experience securing APIs and authentication mechanisms (OAuth, SAML, OpenID)
- Familiarity with container and infrastructure security (Docker, Kubernetes)
- Understanding of security standards and frameworks (OWASP, ISO 27001, SOC 2)
- Strong collaboration skills with engineering and DevOps teams
- Excellent communication skills to translate security findings into actionable fixes
- Background in application or product engineering environments (strictly not SOC, GRC, or network/network security roles)
Your Daily Tasks
Security Testing & Assessment
- Integrate security controls and automated checks into CI/CD pipelines to support a secure SDLC
- Lead and conduct security testing for application releases, including manual code reviews when necessary
- Build, manage, and maintain DevSecOps tool integrations and automation scripts
- Evaluate and implement open-source or commercial application security tools
Secure Software Development Lifecycle (SSDLC)
- Perform Static Application Security Testing (SAST)
- Perform Dynamic Application Security Testing (DAST)
- Conduct Software Composition Analysis (SCA)
Risk Assessment & Threat Modeling
- Assist with threat modelling and security design reviews for in-house applications
- Maintain a risk-based prioritization matrix for identified vulnerabilities
Compliance & Standards
- Define and enforce secure coding standards and best practices
- Support audit and compliance reporting related to application security (SOC 2, ISO 27001, PCI-DSS)
Collaboration and Education
- Work closely with developers and DevOps teams to embed security into application design and deployment
- Coordinate vulnerability management and remediation tracking
- Collaborate with the Release Manager to enforce security gate checks prior to production
Other Responsibilities
- Perform administrative or non-administrative duties as assigned through written or verbal instructions
Welcome to Emapta Malaysia!
Join Emapta, recognized as one of HR Asia's Best Companies to Work For in Asia 2025. With a 50/50 gender ratio and a culture rooted in care and empathy, you'll feel valued from day one. We're committed to growing talent and setting you up for success.
Be part of a team that showcases Filipino excellence to the world. With 20 offices across 11 countries and 1,000+ clients, you'll create real impact every day, whether you work from home or on-site. Our 100% virtual recruitment process makes it easy to get started.
At Emapta, you're not just joining a company; you're becoming part of a thriving community of 11,000+ professionals growing careers with purpose. And behind every partnership we build is a deep respect for people and the impact they make.
We place integrity at the heart of everything we do and truly value the human experience. That's why, for clients, it's a profound and transformational process that gives them the opportunity to achieve the business growth they desire.
Tim Vorbach, CEO