1. Responsible for leading the cybersecurity assurance testing operations and the team
2. Responsible for delivering all security testing requests, including but not limited to Applications, Infrastructure, Vulnerability, Exception Validation, Ethical Hacking, etc.
3. Responsible for application, web and mobile app security related assessments, security baseline, security template, code security, technical testing, and remediation plans
4. Responsible for design of security practice instruction and technical solutions for the different security levels in order to protect data in terms of confidentiality, integrity and availability.
5. Responsible for best security practices/instruction for application development/SDLC
6. Responsible for solutions to implement the SDLC security requirements and foster SDLC culture.
7. Working with other info security functions and business functions on data protection and application security related topics
8. Other tasks assigned by CISO
1. Bachelor's degree in Information Security, Computer Science or another related major
2. Solid and deep knowledge of and hands-on skills in pen-testing and red-teaming
3. Solid and deep knowledge of and hands-on skills in using the following testing tools: Fortify for SAST, WebInspect for DAST, 3rd-party dependency check, Burp Suite and Nmap
4. Solid and deep knowledge of and hands-on skills in application security / SDLC security to meet diverse application development scenarios, including but not limited to threat modelling, code audit, waterfall development, DevOps development, and large-scale agile development.
5. Solid and deep knowledge of web security based on CIS 3.0, OWASP, SANS sources and other global sources, and a solid ability to identify risks in the environment
6. Advanced competency in tracking the latest data protection and application security developments from major international sources such as CIS, OWASP, SANS, etc.
7. Ability to work independently with or without direction and/or supervision.
8. Ability to prioritize and multitask in a complex environment.
9. Ability to influence and communicate effectively with both technical and non-technical audiences