Position: Manager
ROLE CONTEXT
PURPOSE
- Application Security Program for all Business Units.
- Web Application Scanning (WAS) configuration advisory in support of Business Units
- Web Application Scanning (WAS) findings review in support of Business Units
- Define Web Application Firewall (WAF) configuration needs, in support of IT Security Engineering teams.
- Penetration Testing Coordination in support of Business Units
- Application Architecture Security Assessment (Web and Mobile) in support of Business Units
- Secure Static Code Review support for development teams
- Ensure compliance with policies, regulatory requirements and best practices.
- Provide expertise to Business Units when needed, to support their Application Security needs.
KEY ACCOUNTABILITIES
- Ensure that all applicable applications have penetration tests conducted according to company policy.
- Ensure that all applicable applications are scanned according to company policy.
- Support application owners in their remediation efforts, as needed, arising from application scanning and penetration testing.
- Ensure that all applications are penetration tested within applicable time frames
- Ensure that all applicable applications are scanned regularly in accordance with policy
- Ensure that all identified application vulnerabilities are remediated in a timely manner
- Ensure that all Web Application Firewalls are appropriately configured
- Ensure that all development teams are complying with company secure coding policies & standards
NEED TO KNOW
QUALIFICATIONS / EXPERIENCE
- Minimum 5 years of working experience in an Application Security engineering role, preferably in Financial Services.
- Degree in Information Technology or an equivalent discipline.
- Certification in CEH / CSSLP / OSCP / CISSP / CRISC is preferred.
- Regional experience in this role, with knowledge of countries’ data regulatory requirements.
KNOWLEDGE & TECHNICAL SKILLS
- Knowledge of Application Security Standards, Frameworks, best practices and tools.
- Excellent interpersonal and influencing skills to enable the implementation and enforcement of the Application Security program.
- Good communication and presentation skills
- Insurance Business operations knowledge.
Tools
- Imperva
- Fortify
- Qualys
- Archer
- Tenable/Nessus
- Veracode SAST
- Splunk
- AppScan
Interested candidates may submit their resume to: [email protected]