Application Security Officer 

Location PHILIPPINES
Experience level Experienced Hire
Job details sector Information Technology

Job Purpose:

The mission consists in filling the role of Application Security Officer and Vulnerability Expert: regularly qualifying application vulnerabilities; monitoring, collecting and analysing application vulnerability data in a timely manner; and delivering vulnerability mitigation recommendations to the IT teams.

The sources of information include but are not limited to Web Application Firewall (WAF) alerts, security scanner reports, published vulnerabilities from vendors and internal/external threat intelligence sources. The position will also support incident handling for application vulnerabilities.

 

Job Scope:

  1. Lead the application security function in Asia and work closely with Global CyberDefense teams across the world.  
  2. Identify the severity of vulnerabilities in our applications using various automated tools such as Qualys (DAST) and JFrog Xray (SCA)
  3. Analyze the impact of Security bulletins on our applications (using the application component inventory) 
  4. Prioritize the patches required and coordinate with other security team members [Qualys Scan Execution team and Center of Excellence / WAF…] to run further scans and WAF patches
  5. Track and record decisions made on how to treat the vulnerabilities 
  6. Oversee and coordinate all work related to application vulnerability management in Asia
  7. Analyze structured and unstructured datasets from various sources to assess vulnerabilities and produce remediation recommendations
  8. Prioritize vulnerability remediation activities by urgency
  9. Provide technical advisory to IT Production or Development Teams to effectively remediate vulnerabilities 
  10. Ensure timely follow up for remediation of vulnerabilities 
  11. Recommend compensatory measures when remediation takes time and the vulnerability exposure window is not acceptable given the threat level
  12. Report on mitigation status and threat exposure 
  13. Own the application vulnerability management process and strive to optimize it 
  14. Assist in investigation of security issues by reviewing the results of WAF alerts and other vulnerability identification (vulnerability scanning, penetration testing, etc.) 
  15. Consult on incident handling which includes implementation of containment, protection and remediation activities 
  16. Perform manual testing using tools such as Burp Suite
  17. Be flexible in supporting the streamlining of the application security process and SSDLC and
  18. Support initiatives for improving overall application security maturity
  19. Coordinate with the Infra Security team on SCA vulnerabilities identified through the Qualys VM process.
  20. Support the cloud migration project from an application security standpoint and set up the new process
  • At least 10 years’ experience in Information Risk and Security management / consulting. 
  • Experience in rolling out SSDLC and application security for enterprise products / applications
  • Strong experience in SAST/DAST/SCA rollout.
  • Strong understanding of performing penetration tests, vulnerability assessments and infrastructure security reviews for web and mobile applications.
  • Hands-on experience working with Qualys WAS and other application vulnerability scanning / pen test tools. 
  • Help the penetration testing team highlight gaps and quality-check vulnerabilities.
  • Strong experience in manual testing of vulnerabilities with tools like Burp Suite (OSCP skill set preferred)
  • Experience with JFrog Xray preferred
  • Familiarity with the OWASP framework and application security best practices.  
  • Experienced in secure application coding and application security scanning 
  • Security certifications such as CISSP, CISA, CISM or equivalent are a great plus.
  • Strong technical understanding of threat and vulnerability scanning solutions, processes and systems
  • Knowledge and hands-on experience of WAF and virtual patching 
  • Strong knowledge of patch management
  • Knowledge of the legal and regulatory environment within which financial organisations operate (e.g. Singapore MAS) 
  • In-depth knowledge of applying security controls to technology operational services
  • Strong communication skills, both written and verbal (English), to communicate effectively across a wide range of stakeholders. Proven ability to explain security issues in business language and business issues in security language 
  • Capable of producing high quality output with a strong focus on attention to detail following design and delivery methods, tools and standards 
  • Bachelor's degree in Computer Science Engineering or related fields

Experience 

  • Demonstrable experience of designing / implementing / improving / managing / governing threat and vulnerability management services, especially for applications
  • Demonstrable experience of continuous improvement of security threat and vulnerability services
  • Demonstrable experience of effective incident management support 
  • Demonstrable experience of project management in security projects preferred 

Skills 

  • Excellent communication skills 
  • Ability to understand and communicate the requirements of business departments to the information technology department and vice versa  
  • Excellent verbal and written English communication and presentation skills 
  • Excellent inter-personal 

 

Would you like to wake up every day driven and inspired by our mission of acting for human progress by protecting what matters? Here at AXA we strive to be a responsible employer, placing employee engagement at the heart of our business strategy. Achieving this means creating a workplace built on AXA's Values that fosters diversity and equal opportunities for all, promotes employee participation, encourages professional development, and supports employee well-being.

We are looking for talented individuals who come from varied backgrounds, think differently and want to be part of this exciting transformation by challenging the status quo so we can push AXA - a leading global brand and one of the most innovative companies in our industry - onto even greater things.

In a fast-evolving world and with a presence in 57 countries, our 160,000 employees anticipate change to offer services and solutions tailored to the current and future needs of our 108 million customers.


AXA is becoming a sustainable tech-led company and at AXA Group Operations we are one of the major catalysts for this transformation. 

We set the tone by triggering and empowering the evolution of our insurance business model through technology and innovation, driving its concrete implementation globally at speed, with a high quality of advisory and execution.

We are present across 17 countries with committed, highly qualified teams. We leverage technology, data, sourcing, security and investment allocation in a global way, but also achieve economies of scale and synergies when necessary.

At AXA Group Operations, we want to be recognized in three fields of action:

  • State-of-the-art Data Technology to drive customer experience
  • State-of-the-art Procurement & Sourcing to drive efficiency and better manage risks
  • High-Performing Global Team for stronger partnerships with AXA entities 

We bring together the expertise, cultural diversity and creativity of over 8,000 employees worldwide and we’re committed to equal opportunities in all aspects of employment (gender, LGBT+, disabled persons, or people of different origins) and to promoting Diversity & Inclusion by creating a work environment where all employees are treated with dignity and respect, and where individual differences are valued.