Manager, Application Security

Location: Asia-Pacific - Malaysia - Kuala Lumpur
BU/Function: RazerGold
Seniority: Manager & Professionals
Job Code: 1781

Job Responsibilities

  • Plans, organizes and manages security related to application.
  • Develop and maintain security policies, security standards, security processes and best practices into SDLC to compliance with regulations such as RMiT and TRM.
  • Manage vulnerability check tools such as Static Code Analysis, Software Composition Analysis and Dynamic Code Analysis tools.
  • Conduct regular security assessments such as critical security design review, code review and application security testing.
  • Discover potential threats and vulnerabilities in application and provide solution/mitigation plan.
  • Monitor and response to security breaches/threats/vulnerabilities. Investigate and remediate security incidents.
  • Assists in auditing and compliance related to security.
  • Coordinate application pen-testing with software engineer to fix the finding.
  • Research and keeping application up-to-date on latest security trend.
  • Collaborate with software engineers and devops in securing application.
  • Provide security training and guidance to software engineers or other team member.
  • Mentor and coach members of the team.

Pre-Requisites

  • Bachelor’s degree in Computer Science / Information Technology or equivalent.
  • Minimum of 5 years working experience of relevant experience in securing application.
  • Experience with vulnerability check tools such as Static Code Analysis, Software Composition Analysis and Dynamic Code Analysis tools
  • Experience with application security testing with tools and/or manually.
  • Strong knowledge in web protocols, authentication mechanism, cryptography, application security, cloud architecture and/or network infrastructure security.
  • Has experience writing and testing web application and web services in the following programming languages: NET Framework, .NET Core, ASP.NET, Node.js, Javascript.
  • Familiarity with development tools including Visual Studio, JIRA, GIT and Jenkins.
  • Must be able explain all vulnerabilities and weaknesses in the OWASP Top 10 & CWE 25 to any audience and discuss effective defensive techniques.
  • Familiarity with industry standards and regulations including PCI, ISO27002, RMiT and TRM is desired.
  • Holding security related certification such as CEH, CASE, CASS, CISSP is a plus.
  • Positive attitude and eagerness to learn, along with quality team lead role.
  • Good interpersonal skills and able communicate well to team and management.
  • Able to work independently and proactive personality.