This position oversees all cybersecurity assurance testing for the company’s global business.
- Utilize various technical solutions to test self-developed and 3rd party applications, conduct red teaming/ethical hacking, and meet other security testing requests.
- Define and manage cybersecurity assurance testing strategy, policy and processes based on the company’s global business needs.
- Responsible for leading COMPANY cybersecurity assurance testing operations duties and the team
- Responsible for delivering all security testing requests, including but not limited to Applications, Infrastructure, Vulnerability, Exception Validation, Ethical Hacking, etc.
- Responsible for application, web and mobile app security related assessments, security baseline, security template, code security, technical testing, and remediation plans
- Responsible for design of security practice instruction and technical solutions for the different security levels in order to protect data in terms of confidentiality, integrity and availability.
- Responsible for COMPANY’s best security practices/instruction for application development/SDLC
- Responsible for solutions to implement the SDLC security requirements and foster SDLC culture.
- Working with other info security functions and business functions on data protection and application security related topics
- Other tasks assigned by CISO
- Bachelor’s degree in Information Security, Computer Science or other related majors
- Solid and deep knowledge and hands-on skills on pen-testing and red-teaming
- Solid and deep knowledge and hands-on skills in using the following testing tools: Fortify for SAST, WebInspect for DAST, 3rd party dependency check, Burp Suite and Nmap
- Solid and deep knowledge and hands-on skills on application security / SDLC security in order to meet the diverse application development scenarios, including but not limited to threat modelling, code audit, waterfall development, DevOps development, and large-scale agile development.
- Solid and deep knowledge of web security based on CIS 3.0, OWASP, SANS sources and other global sources, and a solid ability to identify the risks in COMPANY’s environment
- Advanced competency to track the latest data protection and application security development from major international sources such as CIS, OWASP, SANS, etc.
- Ability to work independently with or without direction and/or supervision.
- Ability to prioritize and multitask in a complex environment.
- Ability to influence and communicate effectively with both technical and non-technical audiences