Application Security Specialist - Leading Life Insurance Company

Pinpoint Asia

  • Hong Kong
  • Permanent
  • Full-time
  • 6 days ago
Our client, a prominent insurance company, is seeking an Application Security Lead to focus on enhancing application security within the organization. This role involves conducting security assessments, participating in secure design reviews, and implementing security controls to protect applications from vulnerabilities. Key responsibilities include collaborating with development teams to promote secure coding practices, performing penetration tests, and maintaining WAF configurations. Success in this role requires strong communication skills, attention to detail, and the ability to work effectively with cross-functional teams to ensure robust application security.Roles and Responsibilities:
  • Conduct application design reviews to identify and mitigate security risks early in the development process.
  • Perform application security assessments, including static (SAST), dynamic (DAST), and manual testing, to ensure compliance with internal and external standards.
  • Review penetration test reports and oversee timely remediation of identified vulnerabilities.
  • Collaborate with development teams to promote secure coding practices and perform threat modeling.
  • Assist in reviewing and validating firewall rule change requests to ensure compliance with security policies.
  • Support and maintain Web Application Firewall (WAF) configurations and policies to protect web applications.
  • Ensure network security controls align with organizational security standards.
  • Provide on-call support during non-office hours for critical incidents and scheduled security operations.
  • Assist in coordinating emergency response efforts, including containment, investigation, and recovery.
  • Perform additional duties as assigned by the supervisor, including project-related security reviews or urgent security requests.
Requirements:
  • Degree in Computer Science, Information Systems, or related field.
  • Minimum of 10 years of relevant experience in technology risk management and control, with a focus on application security.
  • Relevant IT security certifications preferred (e.g., CISA, CISM, CISSP).
  • Experience with information security frameworks such as ISO 27001 and PCI-DSS.
  • Proficiency in authentication solutions like Multi-factor Authentication (MFA), OAuth2, and SAML.
  • Demonstrated knowledge and use of DevSecOps practices.
  • Strong interpersonal skills to motivate and guide stakeholders and technical experts.
  • Excellent communication skills; able to articulate complex risks to non-specialists.
  • Fluent in written and spoken English and Chinese.m
  • Ability to prioritize tasks under pressure and maintain strong documentation and reporting.
  • Self-initiative and creativity in problem-solving environments.
All applications applied through our system will be delivered directly to the advertiser and privacy of personal data of the applicant will be ensured with security.

CTgoodjobs