
Application Security Manager


Join our amazing team today to start your new career


Role Purpose:

As Application Security Manager, you will be part of the Group IT Security Function, supporting security operations related to application DevSecOps and ensuring that suitable security measures are present at every stage of the systems development lifecycle.

A typical day in this role:

  • Support the Dev teams in implementing the Secure Software Development Life Cycle (SSDLC) program, and regularly report on progress and issues.
  • Define and develop a structured approach that identifies, quantifies, and addresses application security risks through industry best practices.
  • Advise on implementation and selection criteria of security components, tools and processes for improving DevSecOps frameworks.
  • Supervise penetration testing, vulnerability management and bug bounty program activities for applications. Address security vulnerabilities and coordinate relevant stakeholders on mitigation actions.
  • Support Dev teams on High Level Design review of solutions following secure-by-design principles.
  • Deliver the secure code training program to the Dev team.
  • Support Dev teams in addressing possible findings and gaps arising from the ISF assessment. Identify potential threats, such as structural vulnerabilities, that can be identified, enumerated, and prioritized, all from a hypothetical attacker's point of view on web applications (threat modelling).
  • Support in defining security requirements for Dev teams on the basis of high-level requirements coming from the CISO.
    Provide support to the Asia development team on cybersecurity topics.
  • Support the SecOps team in developing SOC use cases and alerts. Support Dev teams in the cyber security incident response process.
  • Drive continuous DevSecOps improvement by planning and executing security projects.

What we look for:

  • Minimum of 7 years of hands-on experience in Application Security, security architecture and DevOps, with at least 2 years managing or leading a team.
  • Strong expertise with the Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications.
  • Technical knowledge of relevant security tools and processes such as penetration testing and vulnerability management.
  • Fluent English communicator, with the ability to lead through influence and to communicate effectively with stakeholders on risk mitigation and implementing security controls.
  • Strong understanding of Application Design including web, mobile and backend platforms, DevOps, APIs (JSON/REST/SOAP), Database, Cloud Security, Infra as Code (IaC), TCP/IP, system and network fundamentals.
  • Strong problem solving and project execution skills. Ability to handle changing priorities and drive difficult decisions.
  • Extensive knowledge of information and technology security management (ITSM) technologies, methods, standards, and processes as well as knowledge of compliance, legal, internal / external audit & regulatory requirements.
  • Knowledge of common information security management frameworks, including but not limited to: ISF, ISO 27000, ITIL, COBIT and NIST is desired.
  • Professional security management certification, such as CISSP, CISM or CEH, is desired.
  • Professional certification on Penetration Testing such as OSCP/E, GWAPT, GPEN, or GXPN certification(s) or other similar credentials will be an added advantage.

This job is a good fit for you if:

  • You have a great passion for Application Security or DevSecOps.
  • You are proactive, independent and well-organized, with a positive mindset.
  • You are motivated and enjoy teamwork across different cultures.


Watson House, 1-5 Wo Liu Hang Road, Fo Tan, Shatin NT, Hong Kong


Apply now to become part of more

By joining us, you will be part of more than just a health and beauty retail group. You'll become part of an organisation which is well-recognised all over the world.