At AIA we've started an exciting movement to create a healthier, more sustainable future for everyone.
If you believe in developing a better tomorrow, read on.
About the Role
Report to: Senior Manager, IT Security & Asset Management
Location: Hochiminh City
Function: Customer & Information Technology | Department: IT Security & Asset Management
Role: Individual Contributor
The Opportunity:
We are currently looking for an Application Security Engineering, Lead who is responsible for:
- Ensure that applications and services are secured and implemented with the best security practices.
- Design and review security for various inter-connected application and infrastructures, especially in Cloud authentication, authorization, information protection, Compliance, and cryptographic controls for both cloud environment and on-premises.
Roles and Responsibilities:
1. Security Architecture Assessment (20%):ensure AIA Vietnam's applications for customers, agency and operations are well designed to protect data integrity and confidentiality.
- Responsible for working with application team to review security controls from design to implementation such as access control, authentication, secret management.
- Support review application vulnerabilities from multiple sources to build technical solutions to address security weaknesses.
- Responsible for reviewing new technology and systems to ensure compliance with Group standard.
2. Penetration testing & Security tool operation (40%):to ensure AIA Vietnam's applications have safeguard against potential threats.
- Responsible for coordinate with Application team, Service Delivery team to book the penetration testing.
- Manage external vendors to perform the penetration testing.
- Conduct Security Configuration Assessment / Static application security testing (SCA/SAST).
- Conduct Container Security Scan (CSS)
- Conduct Dynamic Application Security Test (DAST).
3. Security Tool Integration (40%):to ensure AIA Vietnam's infrastructure is integrated with AIA Group Security tools.
- Implement new security technologies as required to support a dynamic/challenging business environment.
- Identify operational opportunities to implement security orchestration and automation capabilities.
- Integrate with other internal systems and tools.
- Create and drive proactive monitoring and reporting for endpoint and system health including, patching, compliance, and other performance metrics.
Requirements:
- B.A Degree or higher in Information Technology related field.
- 4 years of experiences of information security domain, especially hands on experience for source code review, security operation
- Hands on experience in Programming such as .NET, java, or other scripting languages etc. is a plus
- Familiarity with Microsoft Azure Policy, Configuration, and Security Management tools is a plus.
- Security Certifications/licenses: OSCP, OSWE, Azure-related, Security+, CISA, CISSP is a plus.
- Good communication skills, especially in English to effectively work and negotiate with internal/external teams.
- Work under high pressure, goal oriented, and inspired to perform without outside help.
