- Support the Dev teams to implement the Secure Software Development Life Cycle (SSDLC) program; regularly report progress and issues.
- Define and develop a structured approach that identifies, quantifies, and addresses application security risks through industry best practices.
- Advise on implementation and selection criteria of security components, tools and processes for improving DevSecOps frameworks.
- Supervise penetration test, vulnerability management and bug bounty program activities for applications. Address security vulnerabilities and coordinate with relevant stakeholders on mitigation actions.
- Support Dev teams on high-level design review of solutions following secure-by-design principles. Deliver a secure code training program to the Dev team.
- Support Dev teams to address possible findings and gaps arising from ISF assessments; identify potential threats, such as structural vulnerabilities, that can be identified, enumerated, and prioritized from a hypothetical attacker's point of view on web applications (threat modelling).
- Support in defining security requirements for Dev teams on the basis of high-level requirements coming from the CISO.
- Provide support to the Asia development team on cybersecurity topics.
- Support SecOps team on developing SOC use cases and alerts.
- Support Dev teams in cyber security incident response process.
- Continuously improve DevSecOps by planning and executing security projects.
The Successful Candidate:
- Minimum of 7 years of hands-on experience in application security, security architecture and DevOps, including at least 2 years managing or leading a team.
- Strong expertise with the Open Source Security Testing Methodology Manual (OSSTMM), the Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications.
- Technical knowledge of relevant security tools and processes such as penetration testing and vulnerability management.
- Fluent English communicator with the ability to lead through influence and to communicate effectively to stakeholders on risk mitigation and implementing security controls.
- Strong understanding of application design including web, mobile and backend platforms, DevOps, APIs (JSON/REST/SOAP), databases, cloud security, Infrastructure as Code (IaC), TCP/IP, and system and network fundamentals.
- Strong problem-solving and project execution skills; ability to handle changing priorities and drive difficult decisions.
- Extensive knowledge of information and technology security management (ITSM) technologies, methods, standards, and processes, as well as knowledge of compliance, legal, internal/external audit and regulatory requirements.
- Knowledge of common information security management frameworks, including but not limited to: ISF, ISO 27000, ITIL, COBIT and NIST is desired.
- Professional security management certification, such as CISSP, CISM or CEH, is desired.
- Professional certification in penetration testing, such as OSCP/E, GWAPT, GPEN or GXPN, or other similar credentials will be an added advantage.
Click "Apply Now" to apply for this position or call Andrey Sin at +852 3180 4951 for a confidential discussion. All information collected will be kept in strict confidence and will be used for recruitment purposes only.