JOB DESCRIPTION


Programme Name: CYBER SECURITY (KESELAMATAN SIBER) [K622-001-SS:2026]
CU Code: K622-001-SS:2026-C10
Competency: Core
CU Title: Cyber Security Application Security
CU Description: Expert Element Overview:
Cyber Security Application Security describes the expert in defining enterprise application security strategy, governing
secure software development practices, and integrating security architecture across the Software Development
Lifecycle (SDLC) and DevSecOps ecosystems. This includes establishing governance frameworks, leading threat
modelling, conducting architectural reviews, evaluating enterprise-wide application controls, and overseeing testing
program maturity. The Senior Skills Expert advises development, engineering, and architecture teams on secure design,
ensures alignment with organisational policies and regulatory expectations, and drives continuous improvement in
application and API security posture across diverse technology environments.
Training Duration: 0
Learning Objectives: 1. The person who is expert in this activity should be capable of:
i) Define strategic direction and governance;
ii) Advise on architecture review and security integration;
iii) Evaluate application and API security across enterprise environments;
iv) Enhance vulnerability analysis and application monitoring capabilities.
2. The outcome of this domain is the ability to:
i) Establish and govern enterprise-wide frameworks for secure software development, DevSecOps integration,
and API security aligned to business and regulatory requirements.
ii) Lead architectural assessments, threat modelling, and secure design reviews to ensure robust application and
API protection.
iii) Evaluate enterprise testing outputs, penetration test results, and secure code practices to identify high-risk
weaknesses requiring prioritised remediation.
iv) Strengthen vulnerability monitoring, anomaly detection, and lifecycle tracking to enhance application security
resilience.
v) Guide development teams across business units through strategic remediation, capability uplift, and adoption
of secure engineering practices.
3. Professional certifications related to this domain expertise include, but are not limited to:
i) ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
ii) EC-Council Certified Application Security Engineer (CASE – Java/.NET)
iii) GIAC Secure Software Programmer (GSSP – Java, .NET, Python)
iv) Web Application Penetration Testing (eWPT)
v) OWASP Application Security Practitioner (OASP)
vi) Certified DevSecOps Professional (CDP)
vii) Certified DevOps Security Expert (CDSE)
viii) Certified API Security Professional (CASP)
ix) DevSecOps Foundation
x) Automating Information Security with Python (GPYC)
Prerequisite: K622-001-SE:2026