Key Responsibilities:

• Lead and Manage application security service onboarding including life-cycle security assurance integration leveraging security testing tools and methologies.
• Lead and Manage the project scope, resources, and quality within budget and schedule to enhance Application Security capability and serve for business objectives.
• Lead, Build, and Enhance integration of static and dynamic security analysic into CICD and DevOps with security built into the process.
• Conduct application security assessment, and drive through reviews and mitigation approval.
• Have good understanding on China digital eco-system and best practice on cybersecurity protection.
• Support development teams to perform application vulnerabilities assessments and manage outline vulnerabilities with provided recommendations for remediation according to company guidelines and industry best pratices
• Work closely with Global Cybersecurity Service team to ensure all security protection measures, policies, and procedures, including general IT standards, are designed, implemented, and functioning as planned throughout China as well as globally;
• Work daily with business leaders as appropriate to understand local needs as affected by security and work with the rest of the security team to address the needs.
• As possible keep update of regional laws and practices that might affect how company handles data, implements technologies, and addresses policy violations.
• Provide spirited, positive leadership with “Can Do” mindset when working on projects, issue resolution, and prevention improvements.
• Challenge obsolete practices; question accepted truths.

Qualifications

• 8+ years experience in cybersecurity and information security or application development, passion abouit application security and cybersecurity defence for application.

? Bachelor degree in Computer Science, Computer Engineering, or equivalent degree and background.

• Able to understand security assessment report and identity false positive and security issue. Drive the issue fixing to development teams with prioritise and remediations.
• Experience in application security assessment tools such as Fortify, Veracode, Blackduck and open third party testing platforms.
• Experience SDLCs including but not limite to Scrum and DevOps
• Experience with programming languages such as C#, .Net, Java, Python, Ansible and Jenkins.
• Excellent understanding on Application Security Models, OWATPS, and Thread Modeling
• CEH, CISSP, CISM certified or equivalent qualification is preferred
• Expericence in China major Cloud provider and it’s service is plus.
• Flurent English in verbal and writing is a must

上班地址：徐汇区桂箐路65号新研大厦B座24楼