Oversees, evaluates, and supports the documentation, validation, assessment, and authorization processes necessary to assure that existing and new products meet the organization's cybersecurity and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
Head of Product Security
Provide subject matter expertise on secure architecture, design and coding practices based on current knowledge of security threats and vulnerabilities that could impact the technology stack.
Support the definition of a Secure SDLC standard that includes security architecture, design and coding requirements for infrastructure, applications and data, aligns with the application security maturity model, and adopts a shift-left approach to security.
Evaluate various application security tools including SAST, DAST, SCA, IAST and Pen Testing and operationalize security tools for integration with CI/CD.
Perform application testing and review security test results from scans and penetration testing to identify viable vulnerabilities that may be exploited and propose remediation solutions or mitigation controls.
Develop security controls and processes for products and services developed and deployed for cloud environments.
Perform threat modeling, conduct security architecture reviews and provide training to architects and developers to enhance adoption of secure coding practice within the product development lifecycle.
Provide security related coaching and expertise to drive and elevate security expertise within the development teams.
Lead security innovation and best practices in product development through collaboration and learning from industry professionals and consortiums.
Qualification and Education Requirements:
Bachelor’s Degree in Information Security Technology or the equivalent combination of education, training or experience
3+ years of experience in software security testing, penetration testing, vulnerability and code review, information assurance, incident handling, vulnerability management and vulnerability analysis, assistance programs, security risk, threat management, and security network architecture
Expert knowledge in security best practices, principles and common security frameworks such as OWASP, BSIMM, NIST and ISO
Experience building secure software based on frameworks such as OWASP, BSIMM and SANS
Experience in software development including Java, Golang, Python, and scripting languages
Knowledge of secure architecture and design patterns for Web, Mobile and Microservices
Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
Experience securing cloud infrastructure and applications
Experience with methodologies and security testing tools for threat analysis of complex applications and services including threat modeling, software fuzzing, static and dynamic analysis and penetration testing.
Advanced organizational, planning and time management skills
Advanced communication, presentation and analytical skills
Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
Ability to interpret and understand complex and rapidly evolving concepts.
Ability to think critically.
Ability to think like threat actors.
Other information
13th salary, rewards for achievements, initiatives and good deeds
Annual leave: 15 – 20 working days/year, plus other leave and public holidays
Providing customized training courses according to business needs and upon your request
Workplace
Tower 2 Times City, 458 Minh Khai, Hai Bà Trưng, Hà Nội
Note: All posted information is the property of ONE MOUNT GROUP. We are only trying to bring you the information as quickly and accurately as possible. If you find any inaccurate content, you can let us know by contacting us through the contact window at the bottom-right corner of the screen.