it security â€" application Security OfficerAXA Group Operations Malaysia Sdn Bhd

Bring support on infrastructure related security topics and ensure reliability of local entities feedback by performing security assurance testing * Enforce application security initiative and implement security in Project Development Life Cy Bring support on infrastructure related security topics and ensure reliability of local entities feedback by performing security assurance testing Enforce application security initiative and implement security in Project Development Life Cycle (which includes Software Development Life Cycle) Monitor and validate progress on the remediation implemented to address outstanding issues/vulnerabilities Manages internal and external VAPT engagements conducted by external vendor. Ensures closure of audit finding. Review result and methodology from vulnerability scan and penetration test conducted by vendor Perform manual or automated tests to validate remediation Perform technical and security reviews on servers, network devices, and applications Work with internal teams to resolve security findings Take the corrective action needed to meet the standards required by security policy, procedures, network architectures and software design Ensure a seamless remediation response to the needs of business units, IT managers, and local and Group security managers Promote security awareness program on secure coding and systems development life cycle Review vulnerabilities and threats of applications and software before installation Other tasks or duties that may be assigned in line with the Information Security Program EXPERIENCE %26amp; QUALIFICATIONS: %26middot; University degree in Computer Science or related fields. %26middot; Expert knowledge of software designs and how to secure them %26middot; Expertise in analyzing and securing web and application designs %26middot; Expert in security assurance testing (application security, vulnerability management, and penetration testing) %26middot; Expertise in data encryption: storage, transfer via a network; and application-level authentication %26middot; Knowledgeable with Qualys and Xray scan %26middot; Knowledgeable in Top 10 OWASP %26middot; Ability to audit vulnerabilities and mitigate risks %26middot; Expertise in managing and protecting systems against threats %26middot; Knowledgeable in ISO standards 27001/27002 is a plus %26middot; CISSP, CISA, CEH, GCIH or GPEN certification would be a plus %26middot; A minimum of three-year experience in the field of Information Security, Technology Risk, or IT Audit. %26middot; Understand technologies and issues on systems reliability, security, and disaster recovery. %26middot; Able to develop a clear understanding of clients and customers%26rsquo; technology needs. %26middot; Understand the linkage between information technology and business value. %26middot; Conversant and knowledgeable on the latest technology innovations and possibilities, understanding how key technologies can help address security issues. %26middot; Excellent project management skills and a strong ability to prioritize to achieve target dates. %26middot; Knowledgeable in VAPT tools %26middot; Possesses excellent verbal and written communication and presentation skills in English.
Monster

Philippines
Permanent
Full-time