Connecting...

Information Security Manager - DevSecOps

Job Title: Information Security Manager - DevSecOps
Contract Type: Permanent
Location: New Territories, Hong Kong
Industry: Technology
Reference: 44973_1604970439
Contact Name: Andrey Sin
Contact Email: andrey.sin@kos-intl.com

Job Description

Job Descriptions:

  • Support the Dev teams to implement Secure Software Development Life Cycle (SSDLC) program; Regularly report the progress and issues.
  • Define and develop a structured approach that identifies, quantifies, and addresses Application security risks through industrial best practices.
  • Advise on implementation and selection criteria of security components, tools and processes for improving DevSecOps frameworks.
  • Supervise Penetration test, vulnerability management and bug bounty program activities to Applications. Address security vulnerabilities and coordinating relevant stakeholders for the mitigation actions.
  • Support Dev teams on High Level Design review of solutions following secure by design principles.Deliver secure code training program to Dev team.
  • Support Dev teams to address possible findings and gaps arising from ISF assessment, Identify potential threats, such as structural vulnerabilities that can be identified, enumerated, and prioritized - all from a hypothetical attacker's point of view on Web Applications (threat modelling).
  • Support in defining security requirements for Dev teams on the basis of high level requirements coming from CISO;
  • Provide support to the Asia development team on cybersecurity topics.
  • Support SecOps team on developing SOC use cases and alerts.
  • Support Dev teams in cyber security incident response process.
  • Continuous DevSecOps improvement by planning and executing security projects.

The Successful Candidate :

  • Minimum of 7 years hands-on experiences on Application Security, security architecture and DevOps, at least 2 years in managing or leading a team.
  • Strong Expertise with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications
  • Technical knowledge of relevant security tools and processes such as Penetration test and Vulnerability Management.
  • Fluent English communicator, ability to lead through influence, communicate effectively to stakeholders on risk mitigation and implementing security controls.
  • Strong understanding of Application Design including web, mobile and backend platforms, DevOps, APIs (JSON/REST/SOAP), Database, Cloud Security, Infra as Code (IaC), TCP/IP, system and network fundamentals.
  • Strong problem solving and project execution skills. Ability to handle changing priorities and drive difficult decisions.
  • Extensive knowledge of information and technology security management (ITSM) technologies, methods, standards, and processes as well as knowledge of compliance, legal, internal / external audit & regulatory requirements.
  • Knowledge of common information security management frameworks, including but not limited to: ISF, ISO 27000, ITIL, COBIT and NIST is desired.
  • Professional security management certification, such as a CISSP, CISM, CEH is desired
  • Professional certification on Penetration Testing such as OSCP/E, GWAPT, GPEN, or GXPN certification(s) or other similar credentials will be an added advantage.

Click "Apply Now" to apply for this position or call Andrey Sin at +852 3180 4951 for a confidential discussion. All information collected will be kept in strict confidence and will be used for recruitment purpose only.