Job Description
You will be a member of the Group Information Security Team responsible for ensuring that IT solutions (both applications and infrastructure) are developed and designed with security inbuilt.
Key Responsibilities
ā¢Provide security consultancy, technical guidance, expertise, solutioning and education for en-terprise.
ā¢Advise application and infrastructure teams on application and infrastructure security design that is relevant and fit for purpose.
ā¢Align security architecture frameworks and standards with business strategies and functions. Maintain Cyber risk management framework and perform assessment of applications for emerging areas like cloud security, machine learning etc.
ā¢Advise and review application security design to detect potential security issues and for each issue, propose and drive remediation tasks. Develop application security blueprints. Propose and/or develop training courses to advance developersā security knowledge.
ā¢Perform threat modelling on security critical applications. Keep up to date on emerging secu-rity threats and vulnerabilities on new platforms adopted by the SIA Group. Define scope and review the results of security tests, reviews and audits to ensure security assurance is achieved.
ā¢Any relevant ad-hoc duties. Manage individual project priorities, deadlines and deliverables. This is an individual contributor role. Strong communication skills.
Requirements
ā¢Degree in IT or related fields, with at least 5 years in information security, especially in the application security space.
ā¢Professional security certifications (CISSP, CSSLP, CEH, CCSP etc) preferred.
ā¢Technical proficiency in one or more of the following security areas: network design, zero trust, Internet of Things, cryptography etc.
ā¢Strong in-depth working knowledge in secure application development techniques. Secure by Design. Secure source code review. Prior experience with any of the following tools: Static Application Security Testing (SAST), Dynamic Application Security (DAST), Software Compo-sition Analysis (SCA).
ā¢Strong understanding of Agile, DevSecOps, OWASP Top 10, and securing cloud technolo-gies. Familiar with common web/mobile application vulnerabilities and technical knowledge to address and mitigate vulnerabilities.
ā¢Knowledge of cyber security threats, vulnerabilities, hacking and exploit methods etc. Any prior vulnerability management experience preferred.
ā¢Strong oral, written, presentation and inter-personal skills.
ā¢Possess positive attitude with drive, initiative, enthusiasm, and a keen sense of urgency in resolving high-priority issues.
ā¢Able to work independently and in a team-oriented, collaborative environment.