Secure Software Development Life Cycle (S-SDLC) Cybersecurity Engineer - Information Security

5-7 years
15 days ago
Job Description

Job Description:

  • Participate in implementing Secure Software Development Life Cycle (SDLC), produce security solutions and security test reports, provide advice in patching vulnerabilities, and follow up with risk mitigation.
  • Embed security principles into the design of system architectures to mitigate the risks posed by new technologies and business practices.
  • Design artifacts, spanning design, development, and implementation, into enterprise systems that describe security principles and how they relate to the overall enterprise system architecture.
  • Evaluate the risk points of common application frameworks and develop security solutions to provide security support for each business line.


  • Bachelor's degree in Computer Science, Engineering, or related fields.
  • More than 5 years of relevant work experience.
  • Familiar with OWASP TOP 10 vulnerabilities, and have a deep understanding of the principle, utilization, patching, and reinforcement of various vulnerabilities.
  • Familiar with the enterprise's SDLC process implementation, have work experience in building secure SDLC for IT companies, and have been in charge of secure SDLC for a large dev team.
  • Familiar with black box testing methods and paths, able to independently complete source code auditing work, have hands-on experience in security design checklist.
  • Familiar with at least one programming language such as Java, Python, PHP, Go, C, etc., and proficient in reading design documents and related codes.
  • Having an understanding of common business logic vulnerabilities such as authentication, ultra vires, and tampering, and experiences independently exploring business logic vulnerabilities would be a bonus.
  • Extensive experience in vulnerability mining, code auditing, and security solutions.
  • Experience in vulnerability mining at the framework level.

Preferred Experience

  • Having been credited to high-risk CVEs for well-known projects.
  • Having contributed to the development of open-source projects. Experience working in team collaborative development and familiar with development tools.
  • Fluent English communication skills for effective collaboration with multinational teams.




business logic vulnerabilities
Job Source:

Shopee Pte. Ltd. is a Singaporean multinational technology company that specialises in e-commerce. The company was launched in Singapore in 2015, before it expanded abroad. As of 2021, Shopee is considered the largest e-commerce platform in Southeast Asia with 343 million monthly visitors.