Application Security

Position: Manager



  • Application Security Program for all Business Units.
  • Web Application Scanning (WAS) configuration advisory in support of Business Units
  • Web Application Scanning (WAS) findings review in support of Business Units
  • Define Web Application Firewall (WAF) configuration needs, in support of IT Security Engineering teams.
  • Penetration Testing Coordination in support of Business Units
  • Application Architecture Security Assessment (Web and Mobile) in support of Business Units
  • Secure Static Code Review support for development teams
  • Ensure compliance with policies, regulatory requirements and best practices.
  • Provide expertise to Business Units when needed, to support their Application Security needs.


  • Ensure that all applicable applications have penetration tests conducted according to company policy.
  • Ensure that all applicable applications are scanned according to company policy.
  • Support application owners in their remediation efforts, as needed, arising from application scanning and penetration testing.
  • Ensure that all applications are penetration tested within applicable time frames
  • Ensure that all applicable applications are scanned regularly in accordance with policy
  • Ensure that all identified application vulnerabilities are remediated in a timely manner
  • Ensure that all Web Application Firewalls are appropriately configured
  • Ensure that all development teams are complying with company secure coding policies & standards



  • Minimum 5 years working experience in Application Security engineering role, preferably in Financial Services.
  • Degree from Information Technology or equivalent discipline.
  • Certification on CEH / CSSLP / OSCP / CISSP / CRISC is preferred.
  • Regional experience in this role with knowledge on countries’ data regulatory requirements.


  • Knowledge on Application Security Standards, Frameworks, best practices and tools.
  • Excellent interpersonal and influential skills to enable the implementation and enforcement of the Application Security program.
  • Good communication and presentation skills
  • Insurance Business operations knowledge.


  • Imperva
  • Fortify
  • Qualys
  • Archer
  • Tennable/Nessus
  • Veracode SAST
  • Splunk
  • Appscan

Interested candidates may submit their resume to: [email protected]