Manager, Application Security

Location: Asia-Pacific - Malaysia - Kuala Lumpur

BU/Function: RazerGold

Seniority: Manager & Professionals

Job Code: 1781

Plans, organizes and manages security related to application.
Develop and maintain security policies, security standards, security processes and best practices into SDLC to compliance with regulations such as RMiT and TRM.
Manage vulnerability check tools such as Static Code Analysis, Software Composition Analysis and Dynamic Code Analysis tools.
Conduct regular security assessments such as critical security design review, code review and application security testing.
Discover potential threats and vulnerabilities in application and provide solution/mitigation plan.
Monitor and response to security breaches/threats/vulnerabilities. Investigate and remediate security incidents.
Assists in auditing and compliance related to security.
Coordinate application pen-testing with software engineer to fix the finding.
Research and keeping application up-to-date on latest security trend.
Collaborate with software engineers and devops in securing application.
Provide security training and guidance to software engineers or other team member.
Mentor and coach members of the team.

Bachelor’s degree in Computer Science / Information Technology or equivalent.
Minimum of 5 years working experience of relevant experience in securing application.
Experience with vulnerability check tools such as Static Code Analysis, Software Composition Analysis and Dynamic Code Analysis tools
Experience with application security testing with tools and/or manually.
Strong knowledge in web protocols, authentication mechanism, cryptography, application security, cloud architecture and/or network infrastructure security.
Has experience writing and testing web application and web services in the following programming languages: NET Framework, .NET Core, ASP.NET, Node.js, Javascript.
Familiarity with development tools including Visual Studio, JIRA, GIT and Jenkins.
Must be able explain all vulnerabilities and weaknesses in the OWASP Top 10 & CWE 25 to any audience and discuss effective defensive techniques.
Familiarity with industry standards and regulations including PCI, ISO27002, RMiT and TRM is desired.
Holding security related certification such as CEH, CASE, CASS, CISSP is a plus.
Positive attitude and eagerness to learn, along with quality team lead role.
Good interpersonal skills and able communicate well to team and management.
Able to work independently and proactive personality.