Job Description (JD)
| Programme Name | CYBER SECURITY [K622-001-SS:2026] |
|---|---|
| CU Code | K622-001-SS:2026-C10 |
| Competency | Core |
| CU Title | Cyber Security Application Security |
| CU Description | Expert Element Overview: Cyber Security Application Security describes the expert's role in defining enterprise application security strategy, governing secure software development practices, and integrating security architecture across the Software Development Lifecycle (SDLC) and DevSecOps ecosystems. This includes establishing governance frameworks, leading threat modelling, conducting architectural reviews, evaluating enterprise-wide application controls, and overseeing testing program maturity. The Senior Skills Expert advises development, engineering, and architecture teams on secure design, ensures alignment with organisational policies and regulatory expectations, and drives continuous improvement in application and API security posture across diverse technology environments. |
| Training Duration | 0 |
| Learning Objectives | 1. A person who is expert in this activity should be able to: i) define strategic direction and governance; ii) advise on architecture review and security integration; iii) evaluate application and API security across enterprise environments; iv) enhance vulnerability analysis and application monitoring capabilities. 2. The outcome of this domain is the ability to: i) establish and govern enterprise-wide frameworks for secure software development, DevSecOps integration, and API security aligned to business and regulatory requirements; ii) lead architectural assessments, threat modelling, and secure design reviews to ensure robust application and API protection; iii) evaluate enterprise testing outputs, penetration test results, and secure code practices to identify high-risk weaknesses requiring prioritised remediation; iv) strengthen vulnerability monitoring, anomaly detection, and lifecycle tracking to enhance application security resilience; v) guide development teams across business units through strategic remediation, capability uplift, and adoption of secure engineering practices. 3. Professional certifications related to this domain expertise include, but are not limited to: i) ISC2 Certified Secure Software Lifecycle Professional (CSSLP); ii) EC-Council Certified Application Security Engineer (CASE – Java/.NET); iii) GIAC Secure Software Programmer (GSSP – Java, .NET, Python); iv) Web Application Penetration Testing (eWPT); v) OWASP Application Security Practitioner (OASP); vi) Certified DevSecOps Professional (CDP); vii) Certified DevOps Security Expert (CDSE); viii) Certified API Security Professional (CASP); ix) DevSecOps Foundation; x) Automating Information Security with Python (GPYC). |
| Prerequisite | K622-001-SE:2026 |

