Talent.com
This job offer is not available in your country.
Application Security Solution Architect - AVP - Information Security - IT

Application Security Solution Architect - AVP - Information Security - IT

Hong Kong Exchanges and Clearing LimitedHong Kong
9 days ago
Job description

Responsibilities

  • Architectural Oversight : Ensure that the information and cybersecurity architecture and solution designs for applications are engineered according to specifications and within acceptable risk tolerance levels, focusing on application-specific contexts.
  • Support Development Teams : Collaborate with development teams to implement application-specific threat modeling, secure coding practices, and the effective use of application security assurance tools to enhance the security of software products.
  • Integration Architecture Rmendations : Provide expert rmendations on application-level integration architecture, focusing on secure coding practices, web application firewalls, softwareposition analysis, static and dynamic code scanning, Software Bill of Materials (SBOM), and security measures within CI / CD pipelines, all crucial for securing application deployments.
  • Application Security Assurance Tool Experience : Leverage experience with application security assurance tools, including onboarding, triaging issues, and assisting developers, to ensure that applications are built and maintained with robust security measures.
  • Collaboration with Security Engineering : Work closely with the Security Engineering team to integrate security solutions into application development processes, ensuring that security is a fundamental aspect of the application lifecycle.
  • Requirement Creation and Review : Develop and review functional and non-functional security requirements specifically tailored for application projects, ensuring these requirements enhance the security posture of applications.
  • System Architecture Review : Conduct thorough reviews of application architecture and designs to ensure that all solutions have undergone appropriate security assurance and meet established security acceptance criteria, thereby protecting applications from vulnerabilities.
  • Security Reference Patterns Development : Create and present application security reference patterns and technical security standards that guide secure application development, ensuringpliance with the Information Security Policy.
  • Data Security : Create or review implementation of data layer protective and detective control patterns for data storage technologies, from high level SAAS applications to specific technologies, such as Databases, Kafka queues, object storage systems.
  • Kubernetes / Cloud Security Expertise : Apply knowledge of Kubernetes / Cloud security technologies to enhance the security of applications deployed in containerized environments, addressing specific risks associated with cloud-native applications.
  • Application Architecture Understanding : Demonstrate aprehensive understanding of application architecture to apply relevant security controls and systems, minimizing cybersecurity risks specific to the application's design and functionality.
  • Collaborative Project Delivery : Work collaboratively with project delivery and operational teams to ensure that applications are delivered on time and meet high-quality security standards throughout the system delivery lifecycle.

Job Requirement :

Academic and Professional Qualifications Required :

  • Should have a relevant University degree inputer Science, Information Management, or related field, or equivalent experience.
  • Should have relevant experience with information security and enterprise architecture methods and frameworks (, SABSA, TOGAF, NIST CSF)
  • Cyber Security certifications, such as SABSA, CCSP (Certified Cloud Security Professional), CISSP (Certified Information Systems Security Professional) or security specific cloud certifications such as AWS, Azure, GCP, AliBaba Cloud, Kubernetes, etc would be looked upon favourably

    • Required Knowledge and Level of Experience :

  • Must have significant and wide experience in the information and cyber security industry.
  • Must have subject matter expertise in application threat modelling, secure coding practices in either Java or C++ (or other languages such as .Net, , go); and DevSecOps practices.
  • Must have current experience of automated build and deployment pipelines and how to both secure a pipeline and assure the security of artefacts in a pipeline.
  • Should have current experience of software and system assurance methodologies and associated vulnerability management and risk management practices.
  • Should have current experience of operating one or more of SAST, SCA, DAST, IAST and SBOM.
  • Should be able to perform automation scripting leveraging python and API's
  • Should have relevant experience with industry best-practice approaches to the design, implementation, operation and management of IT systems (, Agile, Waterfall, ITIL, COBIT).
  • Should have recent experience of delivering solutions security in public and / or private cloud.

    • Optional Knowledge and Experience :

  • Should have experience security Kubernetes technology and familiar with secrets management, PKI, service mesh, Istio, etc.
  • Should have experience of developing / contributing to security policies and standards.
  • Should have current experience securing automated build and deployment pipelines and securing artefacts
  • Should have familiarity with internal audit, risk and control management
  • Relevant information security experience working with or for a global exchange, or similar regulated financial market infrastructure or critical national infrastructure would be looked upon favourably.

    • Skills set and Corepetencies Required for Role :

  • An intelligent, articulate, consensus building and persuasive self-starter.
  • Must have a strong business acumen and technology knowledge.
  • Must be able tomunicate information security-related concepts to a broad range of audiences.
  • Experience of effective stakeholder management and collaborative mindset.
  • Able to deliver within a fast-moving high-pressure environment, balancing multiple work streams and deliverables.

    • Personal Qualities :

  • Open and approachable, with ability to work well within a team.
  • Effective oral and writtenmunicator

    • HKEX ismitted as an Equal Opportunity Employer. Diversity is one of our core values and we look to support, respect diverse perspectives, abilities, culture and experiences within our workplace.

    Location : HKEX - TKO

    Shift : N / A

    Scheduled Weekly Hours :

    Worker Type :

    Permanent Job ID R002357

    Create a job alert for this search

    Solution Architect • Hong Kong

    Related jobs
    Information Security Engineer

    Information Security Engineer

    Autotoll LimitedHong Kong
    To cope with our expansion and continuous growth in the transportation and logistics related service, we are inviting talents to join our professional team. Assist in the implementation and maintena...Show moreLast updated: 30+ days ago
    Information Security Manager

    Information Security Manager

    China Mobile International LimitedHK
    Information Security ManagerHeadquartersHKDigital TechnologyApplyStaff Application.Manage daily operations, monitoring, and troubleshooting of IT infrastructure (servers, networks, storage, databas...Show moreLast updated: 17 days ago
    Application Security Engineer (Pentester)

    Application Security Engineer (Pentester)

    Crypto.comHong Kong, Other / Non-US, Hong Kong,
    Quick Apply
    Discover security vulnerabilities through design review, source code review and penetration testing, either manually or by using automated tools, and follow up on the remediation process.Participan...Show moreLast updated: 6 days ago
    Assistant Vice President, Information Security

    Assistant Vice President, Information Security

    Shangri-LaHong Kong SAR
    Bachelors degree holder, preferably in a relevant discipline.Minimum 6 years of relevant experience in managing information security function for a sizable company. Hands-on experience in developing...Show moreLast updated: 30+ days ago
    Senior IT Security Officer / IT Security Officer (Ref : CO-ISO)

    Senior IT Security Officer / IT Security Officer (Ref : CO-ISO)

    Public Bank (Hong Kong) LimitedHong Kong
    Implement and maintain network and security infrastructure.Perform security logs review and apply security patches.Performance monitoring on network and security equipment.University degree in Comp...Show moreLast updated: 30+ days ago
    Assistant Manager, Business Information Security Office

    Assistant Manager, Business Information Security Office

    Prudential plcHong Kong
    Prudential’s purpose is to be partners for every life and protectors for every future.Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion as...Show moreLast updated: 17 days ago
    [LPS] Senior Security Architect (CoE)

    [LPS] Senior Security Architect (CoE)

    LenovoHong Kong, Hong Kong
    To lead the development of our Center of Excellence (CoE) for Cybersecurity services within our IT service organization.This role will be pivotal in designing and delivering innovative cybersecurit...Show moreLast updated: 7 days ago
    Information Security Officer

    Information Security Officer

    C & C Joint Printing Co (HK) LtdHong Kong
    Support and maintain Information Security Management System (ISMS) in accordance with the standard of ISO 27001.Ensure the accuracy of the ISMS documentation, develop and maintain information secur...Show moreLast updated: 30+ days ago
    Senior IT Security Engineer - FS

    Senior IT Security Engineer - FS

    HaysHong Kong
    Implement and maintain security measures to protect systems, networks, and data.Conduct routine audits, vulnerability assessments, and system monitoring. Respond to security breaches and incidents w...Show moreLast updated: 5 days ago
    Solution Architect

    Solution Architect

    FanoHong Kong
    Design software solutions using the company’s AI products to meet customer needs.Provide technical support during pre-sales and post-sales phases. Examine current system architecture and work with c...Show moreLast updated: 30+ days ago
    Assistant Manager - In-house IT (Cyber Security / Application Security) - HK

    Assistant Manager - In-house IT (Cyber Security / Application Security) - HK

    DeloitteHong Kong
    With strong background in both IT and Security.You'll use this dual expertise as you work closely with the internal / external development / technology team on various security checkpoints in defining...Show moreLast updated: 9 days ago
    Lead, Information Security Assurance

    Lead, Information Security Assurance

    AXA GroupHONG KONG
    Provide professional security advisory and recommendations on solutions architecture, business project requirements, and security related enquiry. Develop and maintain security policies and process ...Show moreLast updated: 30+ days ago
    Head of Information Security - APAC

    Head of Information Security - APAC

    BSIHong Kong
    Great that you're thinking about a career with BSI!.Head of Information Security – APAC.As the Head of Information Security for our APAC region, you be the business facing part of the information s...Show moreLast updated: 7 days ago
    Information Security Lead

    Information Security Lead

    Captar PartnersHong Kong
    Our client is a leading global professional firm operating in over thirty countries.The Lead Information Security Engineer role’s is to safeguard the organization’s IT systems and data.This role re...Show moreLast updated: 13 days ago
    Application Security Specialist & Penetration Tester

    Application Security Specialist & Penetration Tester

    Wizlynx GroupHong Kong
    As Application Security Specialist& Penetration Tester, you will lead and execute a variety of engagements, conducting secure code review and advanced hands-on penetration testing beyond automated ...Show moreLast updated: 30+ days ago
    Principal, Information Security

    Principal, Information Security

    AIA International Limited.Hong Kong
    At AIA we've started an exciting movement to create a healthier, more sustainable future for everyone.As pioneering innovators for over 100 years, we're now transforming our organisation to be fast...Show moreLast updated: 7 days ago
    IT Security Manager.

    IT Security Manager.

    PCCWHong Kong HK, HK
    Responsible for maintaining and improving the IT security posture of an on-premise, large-scale IT system with over 1K servers for a HKSAR government sector customer. Non-supervisory position, but w...Show moreLast updated: 30+ days ago
    IT Security Controls Lead

    IT Security Controls Lead

    Cathay Pacific Airways LimitedHong Kong SAR (China)
    IT Security Controls Senior Lead.Assist Team manager to develop, monitor and validate IT security controls within the company IT environment. Coaching junior analyst to keep improve all IT security ...Show moreLast updated: 17 days ago