As Application Security Manager, you will be part of the Group IT Security Function, supporting security operations related to application DevSecOps and ensuring that suitable security measures are present during every stage of the systems development lifecycle.
A typical day in this Role:
- Support the Dev teams in implementing the Secure Software Development Life Cycle (SSDLC) program; regularly report progress and issues.
- Define and develop a structured approach that identifies, quantifies, and addresses Application security risks through industrial best practices.
- Advise on implementation and selection criteria of security components, tools and processes for improving DevSecOps frameworks.
- Supervise penetration testing, vulnerability management and bug bounty program activities for applications. Address security vulnerabilities and coordinate with relevant stakeholders on mitigation actions.
- Support Dev teams on high-level design review of solutions following secure-by-design principles.
- Deliver secure code training program to Dev team.
- Support Dev teams in addressing findings and gaps arising from ISF assessments. Identify potential threats, such as structural vulnerabilities that can be identified, enumerated and prioritized, all from a hypothetical attacker's point of view on web applications (threat modelling).
- Support in defining security requirements for Dev teams on the basis of high-level requirements coming from the CISO; provide support to the Asia development team on cybersecurity topics.
- Support the SecOps team in developing SOC use cases and alerts. Support Dev teams in the cyber security incident response process.
- Drive continuous DevSecOps improvement by planning and executing security projects.
What we look for:
- Minimum of 7 years of hands-on experience in Application Security, security architecture and DevOps, including at least 2 years managing or leading a team.
- Strong expertise with the Open Source Security Testing Methodology Manual (OSSTMM), the Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications.
- Technical knowledge of relevant security tools and processes, such as penetration testing and vulnerability management.
- Fluent English communicator, with the ability to lead through influence and to communicate effectively with stakeholders on risk mitigation and the implementation of security controls.
- Strong understanding of application design, including web, mobile and backend platforms, DevOps, APIs (JSON/REST/SOAP), databases, cloud security, Infrastructure as Code (IaC), TCP/IP, and system and network fundamentals.
- Strong problem-solving and project execution skills, with the ability to handle changing priorities and drive difficult decisions.
- Extensive knowledge of information and technology security management (ITSM) technologies, methods, standards and processes, as well as knowledge of compliance, legal, internal/external audit and regulatory requirements.
- Knowledge of common information security management frameworks, including but not limited to ISF, ISO 27000, ITIL, COBIT and NIST, is desired.
- A professional security management certification, such as CISSP, CISM or CEH, is desired.
- A professional penetration testing certification such as OSCP/OSCE, GWAPT, GPEN or GXPN, or other similar credentials, will be an added advantage.
This job is a good fit for You if:
- You have a great passion for Application Security or DevSecOps.
- You are proactive, independent and well-organized, with a positive mindset.
- You are motivated and enjoy teamwork across different cultures.
Apply now to become part of more
By joining us, you will be part of more than just a health and beauty retail group. You'll become part of an organisation which is well-recognised all over the world.