Job Information
Responsibilities
• Application Security testing (leading role)
  ◦ Guide application teams to fulfill SAST (Static App Sec Testing by Veracode), DAST (Dynamic App Sec Testing by AppScan) and Penetration Test (with external vendor) requirements per AIA procedures.
  ◦ Provide assistance to the technology teams in the resolution of risks and vulnerabilities identified through control assessment and/or security testing.
• Secure SDLC & DevSecOps (leading role)
  ◦ Advise and assist the development team on the Secure Software development lifecycle activities.
  ◦ Study and promote the DevSecOps practice, including CI/CD pipeline security setup, container security scanning, and dashboarding configuration, monitoring and reporting.
• Documentation & Dashboarding (leading role)
  ◦ Maintain and revise existing application security related procedure documents.
  ◦ Improve the Application security risk assessment framework so functional and nonfunctional security controls of the applications are properly assessed and verified.
  ◦ Monitor application security activities throughout AIA entities and consolidate them into a periodic dashboard for regular reporting to both Group Office and Local Business Units.
• Security champion (leading role)
  ◦ Support and maintain the regional application inventory together with the system support team.
  ◦ Assist in supporting and coordinating the security training related exercises, including online eLearning and classroom-based Instructor Led Training (ILT).
• App Risk Assessment & Security Tollgate (supporting role)
  ◦ Perform Security design reviews and application threat modelling on new applications.
  ◦ Conduct Application Security Risk assessment on existing applications based on security controls defined by the Group following AIA Security Tollgate process.
  ◦ Ensure the risks identified are clearly defined and documented with appropriate evidence.
Requirements
• Degree in Computer Science or related discipline.
• 3+ years’ experience in a hands-on technical role in Information Security or related discipline.
• Previous experience in app development (Java, C#, Objective-C, etc.) is highly advantageous.
• Previous experience in DevOps/DevSecOps and Container security is highly advantageous.
• Previous experience in penetration testing services and techniques is highly advantageous.
• Excellent written and verbal communication skills and ability to escalate timely to management.
• Ability to define, prioritize and execute process in a structured manner.
• Excellent knowledge of SDLC practices and common security requirements within web and mobile applications.
• Desirable: Previous experience in WAF (Web App Firewall) and/or anti-DDoS solutions.
• Desirable: Technical certifications: CISSP, CISA, ISO 270xx, CRISC, GWAPT, GPEN.
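Job function: Technical Support/Maintenance Manager
Keywords: application
Contact Information
Work address: AIA Information Technology (Guangzhou) Co., Ltd., 24/F, Dongbao Building, 767 Dongfeng East Road, Guangzhou
Company Information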
AIA Group Limited and its subsidiaries (collectively “AIA” or “the Group”) comprise the largest independent publicly listed pan-Asian life insurance group. It has operations in 16 markets in Asia-Pacific – wholly-owned branches and subsidiaries in Hong Kong, Thailand, Singapore, Malaysia, China, Korea, the Philippines, Australia, Indonesia, Taiwan, Vietnam, New Zealand, Macau, Brunei, a 92 per cent subsidiary in Sri Lanka and a 26 per cent joint-venture in India.
The business that is now AIA was first established in Shanghai over 90 years ago. It is a market leader in the Asia-Pacific region (ex-Japan) based on life insurance premiums and holds leading positions across the majority of its markets. It had total assets of US$134,439 million as of 30 November 2012.
AIA meets the savings and protection needs of individuals by offering a range of products and services including retirement savings plans, life insurance and accident and health insurance. The Group also provides employee benefits, credit life and pension services to corporate clients. Through an extensive network of agents and employees across Asia-Pacific, AIA serves the holders of more than 25 million individual policies and over 13 million participating members of group insurance schemes.
AIA Group Limited is listed on the Main Board of The Stock Exchange of Hong Kong Limited under the stock code “1299” with American Depositary Receipts (Level 1) traded on the over-the-counter market (ticker symbol: “AAGIY”).