Application Security Manager
Application Security Manager
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Not Disclosed
Salary Not Disclosed
1 Vacancy
Job Description
Line of Service
AdvisoryIndustry/Sector
Not ApplicableSpecialism
Cybersecurity & PrivacyManagement Level
ManagerJob Description & Summary
A career in our Security Architecture practice within Cybersecurity and Privacy services will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats propels transformation and drives growth. As companies pivot toward a digital business model exponentially more data is generated and shared among organisations partners and customers. Youll play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment and detect respond and remediate threats.In joining youll be a part of a team that helps organisations design and create sustainable security solutions to provide foundational capabilities and operational discipline through a focus on enterprise requirements and prioritisation Information Technology security architecture and the software development lifecycle.
Job Responsibilities:
- Manage direct and deliver cyber-attack simulations as part of the RED team activity
- Manage direct and deliver Vulnerability Assessment (VA) and Penetration Testing (PT) and configuration review for network web mobile and thick-client applications APIs POS etc
- Manage direct and deliver source-code review using automated and manual approaches review results to eliminate false positives
- Manage direct and deliver configuration reviews for OS DB Firewall routers switches and other security devices/components
- Perform and deliver gap analysis and assessments based on standards guidelines notices circulars (eg. ISO27K1 MAS TRM HKMA etc)
- Prepare and review detailed reports and ensure timely delivery of status updates and final reports to clients
Provide technical guidance with respect to the development and execution of our key application security service offerings including:
- conducting assessments of applications (web cloud mobile API) using range of manual and automated source code review techniques;
- performing security architecture reviews and risk assessments for applications in design and production phases;
- identifying potential threats and attacks to applications systems through threat modeling;
- identifying security recommendations and aligning them to appropriate risk ranking systems;
- integrating application security tools and process in pipeline;
- agile penetration testing; evaluating developing enhancing and/or running application security programs for our clients;
- conducting the above with a specific focus on DevSecOps.
- Manage client stakeholders provide project status updates discuss findings and explain recommendations
- Work with clients to analyze evaluate and enhance the effectiveness of their application/product security posture at procedural and technological levels from design to deployment.
- Keep abreast of the latest IT Security news exploits hacks
Essential Skills:
- Manage projects team members and client stakeholders for successful delivery
- Manage project economics
- Thorough and practical knowledge of OWASP network protocols data on the wire and covert channels
- Hands on experience with popular security tools Nmap Nessus Kali Metasploit BurpSuite Netsparker OWASP CSRF Tester Fortify/Checkmarx SonarQube Synopsys SQLite browser Drozer
- Working knowledge of manual testing of web applications
- Understands Software Development Life Cycle and SOAP REST and GraphQL APIs
- Skills in performing VAPT for Web applications Mobile applications APIs Network infrastructure Thick client applications
- Good knowledge of modifying and compiling exploit code
- Good understanding and knowledge of codes languages
- Has practical experience in auditing various OS DB Network and Security technologies
- Strong understanding Unix/Linux/Mac/Windows operating systems including bash and Powershell
Experience in at least three of the following:
- Set up and operate red team infrastructure
- Perform targeted covert penetration tests with vulnerability identification exploitation and post-exploitation activities
- Email phone or physical social-engineering assessments
- Developing extending or modifying exploits shellcode or exploit tools
- Reverse engineering malware data obfuscators or ciphers
- Strong credentials in wireless web application and network security testing
- Familiar with MITRE ATT&CK framework and D3FEND matrix
Educational Requirements & Experience
- Bachelors in Computer Science/IT/Electronics Engineering or equivalent University degree.
- Minimum of 5-7 years of experience in the managing and delivering security tests and compliance review projects.
- Certifications: CREST CRT CREST CPSA Offensive Security Certified Professional (OSCP) GIAC Certified Web Application Defender (GWEB)
- Other Certifications: OSWP BSCP Certified Red Team Professional
Education (if blank degree and/or field of study not specified)
Degrees/Field of Study required: Bachelor of Science - Information TechnologyDegrees/Field of Study preferred:Certifications (if blank certifications not specified)
Required Skills
Optional Skills
Desired Languages (If blank desired languages not specified)
Travel Requirements
Not SpecifiedAvailable for Work Visa Sponsorship
NoGovernment Clearance Required
YesJob Posting End Date
Required Experience:
Manager
Employment Type
Full-Time
