- Location: Phnom Penh, Cambodia
- Category: Information Technology
- Job Type: Full Time
- Salary: Negotiable
Skills Required: GitHub, DevOps
Educational Requirements:
- Bachelor Degree
Experience:
- 3 Years
Extra Benefits:
- Sick Leave
- Annual Leave
- Special Leave
Job Description:
JOB SUMMARY
We are seeking an experienced IT Security Engineer with expertise in Application Security, DevSecOps, and the Secure Software Development Lifecycle (Secure SDLC). This role focuses on integrating security into the development process, performing security assessments, and establishing standards and guidelines to ensure secure coding practices across the organization.
KEY ACCOUNTABILITIES
1. Application Security & Secure SDLC
- Perform application security testing (SAST, DAST, SCA) and analyse vulnerabilities.
- Conduct threat modelling and secure design reviews for new or updated applications.
- Define and enforce secure coding standards (OWASP Top 10, CWE/SANS Top 25).
- Integrate security tools (e.g., Snyk, Checkmarx, SonarQube, Burp Suite) into CI/CD pipelines.
2. DevOps Security & Automation
- Embed security controls in CI/CD workflows (e.g., IaC scanning, container security, Kubernetes hardening).
- Automate security checks (e.g., secret detection, misconfiguration scanning) with tools like GitLab Secure, Aqua, Prisma Cloud.
- Implement Infrastructure-as-Code (Terraform, Ansible) and apply cloud security best practices (AWS, Azure, GCP).
3. Security Standards & Governance
- Define and maintain application security standards, processes, and guidelines.
- Train developers on secure coding, API security, and cryptography.
- Translate security risks into business impact for developers and executives.
JOB REQUIREMENTS
(Education, Qualification/Skills/Behaviors, and Related Experiences.)
- 3+ years in Application Security, DevSecOps, or SDLC security.
- Familiarity with SAST/DAST/SCA tools (Semgrep, SonarQube, Snyk, Trivy, OWASP ZAP, Nexus).
- JPA or Hibernate
- Experience with CI/CD security (GitHub Actions, Jenkins, Azure DevOps), cloud-native security, and threat modelling (STRIDE, PASTA).
- Deep understanding of OWASP Top 10, secure coding, and API security.
- Preferred certifications: eWPT, eWPTX, eCPPT, OSCP, or Burp Suite Certified Practitioner.
- Application Security Testing: identify and remediate vulnerabilities through SAST, DAST, and SCA.
- Threat Modelling & Secure Design: assess risks and secure new and evolving applications.
- Developer Enablement: train and mentor engineering teams on secure coding and AppSec best practice.
