IT Application Security Manager

 Mô tả Công việc
  
 
  
 • Provide advisory, risk assessment and security assessment for IT projects follows Prudential Secure SDLC and DevSecOps requirements.
 • Consult with business users, application developers, systems administrators and management to demonstrate security testing results, explain the threat/risk presented by the results, and consult on remediation.
 • Liaise with vendor in the annual an ad-hoc penetration testing schedule to ensure proper budgeting by business lines.
 • Take part in and ensure the completeness of the annual Application Security training program.
 • Review and monitor vendor’s security service and deliverable.
 • Regularly perform compliance assessment on regional policies, standards and drive remediation of control gaps.
 • Take part in the implementation of security programs within the local business.
 • Foster and maintain relationships with key stakeholders and business partners
 • Champion both local & regional IT security initiatives to completion.
 • Liaise with internal and external auditors and regulators to ensure all audit and compliance findings are adequately remediated across the business unit.
 • Incident management and response.
 • Other duties as assigned
  
 
  Yêu Cầu Công Việc 
 
  
  Qualifications  
 • University degree in Computer Science or technology related disciplines 
 • A minimum of 5 years of relevant experience in IT Security or Information Security (Technical) 
 • At least 3 years’ experience in Application Security or penetration testing required. 
 
 
  Knowledge and skill  
 • Broad knowledge of security domains, trends, and technologies (such as threat and vulnerability management, identity & access management, web application security, data loss prevention, encryption). 
 • In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, DotNet, Python, Bash, etc.). 
 • Hands-on experience with testing frameworks such as the PTES and OWASP for Web and mobile application. 
 • Familiar with Cloud-native application, API security, Container. 
 • Extensive experience with security testing tools (e.g., SAST, DAST, OSS vulnerability testing, Container Security, RASP) embedded within DevSecOps and support CI/CD pipeline 
 • Applicable knowledge of Windows client/server, Unix/Linux systems. 
 • Experience with Cloud technologies in AWS, Azure, or Google Cloud. 
 • Professional qualifications such as CEH, OSCP, GWAPT preferred. 
 • Knowledge of risk management principles. 
 • Ability to manage relationships at various levels within the organization 
 • Ability to influence and resolve conflict through timely and transparent communications. 
 • Ability to work under pressure