Job Description
You will be a member of the Group Information Security Team responsible for ensuring that IT solutions (both applications and infrastructure) are developed and designed with security inbuilt.
Key Responsibilities
โขProvide security consultancy, technical guidance, expertise, solutioning and education for en-terprise.
โขAdvise application and infrastructure teams on application and infrastructure security design that is relevant and fit for purpose.
โขAlign security architecture frameworks and standards with business strategies and functions. Maintain Cyber risk management framework and perform assessment of applications for emerging areas like cloud security, machine learning etc.
โขAdvise and review application security design to detect potential security issues and for each issue, propose and drive remediation tasks. Develop application security blueprints. Propose and/or develop training courses to advance developersโ security knowledge.
โขPerform threat modelling on security critical applications. Keep up to date on emerging secu-rity threats and vulnerabilities on new platforms adopted by the SIA Group. Define scope and review the results of security tests, reviews and audits to ensure security assurance is achieved.
โขAny relevant ad-hoc duties. Manage individual project priorities, deadlines and deliverables. This is an individual contributor role. Strong communication skills.
Requirements
โขDegree in IT or related fields, with at least 5 years in information security, especially in the application security space.
โขProfessional security certifications (CISSP, CSSLP, CEH, CCSP etc) preferred.
โขTechnical proficiency in one or more of the following security areas: network design, zero trust, Internet of Things, cryptography etc.
โขStrong in-depth working knowledge in secure application development techniques. Secure by Design. Secure source code review. Prior experience with any of the following tools: Static Application Security Testing (SAST), Dynamic Application Security (DAST), Software Compo-sition Analysis (SCA).
โขStrong understanding of Agile, DevSecOps, OWASP Top 10, and securing cloud technolo-gies. Familiar with common web/mobile application vulnerabilities and technical knowledge to address and mitigate vulnerabilities.
โขKnowledge of cyber security threats, vulnerabilities, hacking and exploit methods etc. Any prior vulnerability management experience preferred.
โขStrong oral, written, presentation and inter-personal skills.
โขPossess positive attitude with drive, initiative, enthusiasm, and a keen sense of urgency in resolving high-priority issues.
โขAble to work independently and in a team-oriented, collaborative environment.