Position Objective: Uplift and transform Security Assessment practices, tools and processes within the local business unit. Review application security design and manage DevSecOps gating.
Roles and Responsibilities:
- Application Security testing
  - Guide application teams to fulfill SAST, DAST and Penetration Test (with external vendor) requirements per AIA procedures.
  - Assist the technology teams in resolving risks and vulnerabilities identified through control assessment and/or security testing.
- Secure SDLC & DevSecOps
  - Advise and assist the development team on Secure Software Development Lifecycle activities.
  - Study and promote DevSecOps practice, including CI/CD pipeline security setup, container security scanning, and dashboard configuration, monitoring and reporting.
- Security champion
  - Support and maintain the regional application inventory together with the system support team.
  - Work with the local application team to address identified issues.
- App Risk Assessment
  - Perform security design reviews and application threat modelling on new applications.
  - Conduct Application Security Risk Assessments on existing applications based on the security controls defined by the Group, following the AIA Security Tollgate process.
  - Ensure the risks identified are clearly defined and documented with appropriate evidence.
Minimum Job Requirements:
- Degree holder in Computer Science, Information Systems, or a related discipline.
- 5+ years' experience in Security/Risk Assessments with a security focus, gained in another sizable organization.
- Previous experience in app development (Java, C#, Objective-C, etc.) is highly advantageous.
- Previous experience in DevOps/DevSecOps and container security is highly advantageous.
- Previous experience in penetration testing services and techniques is highly advantageous.
- Ability to define, prioritize and execute processes in a structured manner.
- Excellent knowledge of SDLC practices and common security requirements within web and mobile applications.
- Desirable: previous experience with WAF (Web Application Firewall) and/or anti-DDoS solutions.
- Certified professional preferred, e.g. CISSP, CISA, ISO 270xx, CRISC, CISM, GWAPT, GPEN.
- Strong technical skills in application development security practices.
- Practical experience assessing new technologies and applications.
- Excellent understanding of application security best practices and defensive programming techniques.
- Excellent teamwork and collaboration skills.
- Adaptable, able to interact and build strong relationships with people from a diverse range of backgrounds.