Application Security Manager

Makati City, Metro Manila
Permanent
Full-time

2 months ago

Line of Service AdvisoryIndustry/Sector Not ApplicableSpecialism Cybersecurity & PrivacyManagement Level ManagerJob Description & Summary A career in our Security Architecture practice, within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. You’ll play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats.In joining, you’ll be a part of a team that helps organisations design and create sustainable security solutions to provide foundational capabilities and operational discipline through a focus on enterprise requirements and prioritisation, Information Technology security architecture, and the software development lifecycle.Job Responsibilities:

Manage, direct and deliver cyber-attack simulations as part of the RED team activity
Manage, direct and deliver Vulnerability Assessment (VA) and Penetration Testing (PT) and configuration review for network, web, mobile and thick-client applications, APIs, POS etc
Manage, direct and deliver source-code review using automated and manual approaches, review results to eliminate false positives
Manage, direct and deliver configuration reviews for OS , DB, Firewall, routers, switches and other security devices/components
Perform and deliver gap analysis and assessments based on standards, guidelines, notices, circulars (eg., ISO27K1, MAS TRM, HKMA etc)
Prepare and review detailed reports and ensure timely delivery of status updates and final reports to clients

Provide technical guidance with respect to the development and execution of our key application security service offerings, including:

conducting assessments of applications (web, cloud, mobile, API) using range of manual and automated source code review techniques;
performing security architecture reviews and risk assessments for applications in design and production phases;
identifying potential threats and attacks to applications systems through threat modeling;
identifying security recommendations and aligning them to appropriate risk ranking systems;
integrating application security tools and process in pipeline;
agile penetration testing; evaluating, developing, enhancing and/or running application security programs for our clients;
conducting the above with a specific focus on DevSecOps.
Manage client stakeholders, provide project status updates, discuss findings and explain recommendations
Work with clients to analyze, evaluate, and enhance the effectiveness of their application/product security posture at procedural and technological levels from design to deployment.
Keep abreast of the latest IT Security news, exploits, hacks

Essential Skills:

Manage projects, team members and client stakeholders for successful delivery
Manage project economics
Thorough and practical knowledge of OWASP, network protocols, data on the wire, and covert channels
Hands on experience with popular security tools – Nmap, Nessus, Kali, Metasploit, BurpSuite, Netsparker, OWASP CSRF Tester, Fortify/Checkmarx, SonarQube, Synopsys, SQLite browser, Drozer
Working knowledge of manual testing of web applications
Understands Software Development Life Cycle and SOAP, REST and GraphQL APIs
Skills in performing VAPT for Web applications, Mobile applications, APIs, Network infrastructure, Thick client applications
Good knowledge of modifying and compiling exploit code
Good understanding and knowledge of codes languages
Has practical experience in auditing various OS, DB, Network and Security technologies
Strong understanding Unix/Linux/Mac/Windows, operating systems, including bash and Powershell

Experience in at least three of the following:

Set up and operate red team infrastructure
Perform targeted, covert penetration tests with vulnerability identification, exploitation, and post-exploitation activities
Email, phone, or physical social-engineering assessments
Developing, extending, or modifying exploits, shellcode or exploit tools
Reverse engineering malware, data obfuscators, or ciphers
Strong credentials in wireless, web application, and network security testing
Familiar with MITRE ATT&CK framework and D3FEND matrix

Educational Requirements & Experience

Bachelors in Computer Science/IT/Electronics Engineering or equivalent University degree.
Minimum of 5-7 years of experience in the managing and delivering security tests and compliance review projects.
Certifications: CREST CRT, CREST CPSA, Offensive Security Certified Professional (OSCP), GIAC Certified Web Application Defender (GWEB)
Other Certifications: OSWP, BSCP, Certified Red Team Professional

Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Science - Information TechnologyDegrees/Field of Study preferred:Certifications (if blank, certifications not specified)Required SkillsOptional SkillsDesired Languages (If blank, desired languages not specified)Travel Requirements Not SpecifiedAvailable for Work Visa Sponsorship? NoGovernment Clearance Required? YesJob Posting End Date

PwC

Apply Now