As Application Security Manager, you will be part of the Group IT Security Function, supporting security operations related to application DevSecOps and ensuring that suitable security measures are present at every stage of the systems development lifecycle.
A typical day in this Role:
- Support the Dev teams in implementing the Secure Software Development Life Cycle (SSDLC) program, and regularly report on progress and issues.
- Define and develop a structured approach that identifies, quantifies, and addresses application security risks through industry best practices.
- Advise on implementation and selection criteria of security components, tools and processes for improving DevSecOps frameworks.
- Supervise penetration testing, vulnerability management and bug bounty program activities for applications. Address security vulnerabilities and coordinate relevant stakeholders on mitigation actions.
- Support Dev teams on High Level Design reviews of solutions following secure-by-design principles. Deliver the secure code training program to Dev teams.
- Support Dev teams in addressing findings and gaps arising from ISF assessments. Identify, enumerate and prioritize potential threats to web applications, such as structural vulnerabilities, from a hypothetical attacker’s point of view (threat modelling).
- Support the definition of security requirements for Dev teams on the basis of high-level requirements coming from the CISO.
- Provide support to the Asia development team on cybersecurity topics.
- Support the SecOps team in developing SOC use cases and alerts.
- Support Dev teams in the cybersecurity incident response process.
- Drive continuous DevSecOps improvement by planning and executing security projects.
This job is a good fit for you if:
- You have a great passion for Application Security or DevSecOps.
- You are proactive, positive-minded, independent and well-organized.
- You are motivated and enjoy teamwork across different cultures.
What we look for:
- Minimum of 7 years of hands-on experience in Application Security, security architecture and DevOps, with at least 2 years managing or leading a team.
- Strong expertise in the Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications.
- Technical knowledge of relevant security tools and processes such as penetration testing and vulnerability management.
- Fluent English communicator with the ability to lead through influence and communicate effectively with stakeholders on risk mitigation and implementing security controls.
- Strong understanding of application design including web, mobile and backend platforms, DevOps, APIs (JSON/REST/SOAP), databases, cloud security, Infrastructure as Code (IaC), TCP/IP, and system and network fundamentals.
- Strong problem-solving and project execution skills. Ability to handle changing priorities and drive difficult decisions.
- Extensive knowledge of information and technology security management (ITSM) technologies, methods, standards, and processes as well as knowledge of compliance, legal, internal / external audit & regulatory requirements.
- Knowledge of common information security management frameworks, including but not limited to: ISF, ISO 27000, ITIL, COBIT and NIST is desired.
- Professional security management certification, such as CISSP, CISM or CEH, is desired.
- Professional certification in penetration testing, such as OSCP/E, GWAPT, GPEN or GXPN, or other similar credentials, will be an added advantage.
We are an equal opportunity employer and welcome applications from all qualified candidates. The information provided will be treated in strict confidence and be used only for consideration of your application for relevant/similar posts within the A.S. Watson Group.
Apply now to become part of more
By joining us, you will be part of more than just a health and beauty retail group. You’ll become part of an organisation which is well-recognised all over the world.