Application Security Manager

9 Months ago • 5-7 Years

Job Summary

Job Description

Application Security Manager with 5+ years of experience managing and delivering security tests and compliance reviews. Expertise in OWASP, network protocols, popular security tools like Nmap, Nessus, BurpSuite, and experience in Vulnerability Assessment and Penetration Testing (VAPT).
Must have:
  • OWASP knowledge
  • Security tools
  • VAPT experience
  • Compliance reviews
Good to have:
  • Red team
  • Exploit code
  • MITRE ATT&CK
  • DevSecOps

Job Details

Line of Service

Advisory

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Manager

Job Description & Summary

A career in our Security Architecture practice, within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. You’ll play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats.

In joining, you’ll be a part of a team that helps organisations design and create sustainable security solutions to provide foundational capabilities and operational discipline through a focus on enterprise requirements and prioritisation, Information Technology security architecture, and the software development lifecycle.

Job Responsibilities:

  • Manage, direct and deliver cyber-attack simulations as part of the RED team activity
  • Manage, direct and deliver Vulnerability Assessment (VA) and Penetration Testing (PT) and configuration review for network, web, mobile and thick-client applications, APIs, POS etc
  • Manage, direct and deliver source-code review using automated and manual approaches, review results to eliminate false positives
  • Manage, direct and deliver configuration reviews for OS , DB, Firewall, routers, switches and other security devices/components
  • Perform and deliver gap analysis and assessments based on standards, guidelines, notices, circulars (eg., ISO27K1, MAS TRM, HKMA etc)
  • Prepare and review detailed reports and ensure timely delivery of status updates and final reports to clients

Provide technical guidance with respect to the development and execution of our key application security service offerings, including:

  • conducting assessments of applications (web, cloud, mobile, API) using range of manual and automated source code review techniques;
  • performing security architecture reviews and risk assessments for applications in design and production phases;
  • identifying potential threats and attacks to applications systems through threat modeling;
  • identifying security recommendations and aligning them to appropriate risk ranking systems;
  • integrating application security tools and process in pipeline;
  • agile penetration testing; evaluating, developing, enhancing and/or running application security programs for our clients;
  • conducting the above with a specific focus on DevSecOps.
  • Manage client stakeholders, provide project status updates, discuss findings and explain recommendations
  • Work with clients to analyze, evaluate, and enhance the effectiveness of their application/product security posture at procedural and technological levels from design to deployment.
  • Keep abreast of the latest IT Security news, exploits, hacks

Essential Skills:

  • Manage projects, team members and client stakeholders for successful delivery
  • Manage project economics
  • Thorough and practical knowledge of OWASP, network protocols, data on the wire, and covert channels
  • Hands on experience with popular security tools – Nmap, Nessus, Kali, Metasploit, BurpSuite, Netsparker, OWASP CSRF Tester, Fortify/Checkmarx, SonarQube, Synopsys, SQLite browser, Drozer
  • Working knowledge of manual testing of web applications
  • Understands Software Development Life Cycle and SOAP, REST and GraphQL APIs
  • Skills in performing VAPT for Web applications, Mobile applications, APIs, Network infrastructure, Thick client applications
  • Good knowledge of modifying and compiling exploit code
  • Good understanding and knowledge of codes languages
  • Has practical experience in auditing various OS, DB, Network and Security technologies
  • Strong understanding Unix/Linux/Mac/Windows, operating systems, including bash and Powershell

Experience in at least three of the following:

  • Set up and operate red team infrastructure
  • Perform targeted, covert penetration tests with vulnerability identification, exploitation, and post-exploitation activities
  • Email, phone, or physical social-engineering assessments
  • Developing, extending, or modifying exploits, shellcode or exploit tools
  • Reverse engineering malware, data obfuscators, or ciphers
  • Strong credentials in wireless, web application, and network security testing
  • Familiar with MITRE ATT&CK framework and D3FEND matrix

Educational Requirements & Experience

  • Bachelors in Computer Science/IT/Electronics Engineering or equivalent University degree.
  • Minimum of 5-7 years of experience in the managing and delivering security tests and compliance review projects.
  • Certifications: CREST CRT, CREST CPSA, Offensive Security Certified Professional (OSCP), GIAC Certified Web Application Defender (GWEB)
  • Other Certifications: OSWP, BSCP, Certified Red Team Professional

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required: Bachelor of Science - Information Technology

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

No

Government Clearance Required?

Yes

Job Posting End Date

Similar Jobs

PwC - Audit Manager for Work on International EU Funded Projects

PwC

Sofia, Sofia City Province, Bulgaria (On-Site)
9 Months ago
PINKERTON | Comprehensive Risk Management - Senior GSOC Specialist

PINKERTON | Comprehensive Risk Management

Karnataka, India (On-Site)
7 Months ago
Marsh McLennan - Deputy Financial and Operations Principal

Marsh McLennan

New York, United States (Hybrid)
1 Month ago
PwC - Audit Senior Associate

PwC

Bangkok, Bangkok, Thailand (On-Site)
9 Months ago
Scopely - Lead Product Manager, Growth

Scopely

United States (Remote)
1 Month ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

PwC - Senior Associate - Risk Assurance Services (Business Solution)

PwC

Ho Chi Minh City, Ho Chi Minh City, Vietnam (On-Site)
8 Months ago
PwC - Auditeur des Systems d'Information

PwC

Douala, Littoral Region, Cameroon (On-Site)
9 Months ago
London stock Exchange - Technology and Cyber GRC Principal Specialist

London stock Exchange

Bengaluru, Karnataka, India (On-Site)
1 Month ago
PwC - Intervenant extérieur

PwC

Democratic Republic Of The Congo (On-Site)
8 Months ago
PwC - Manager - Audit and Assurance Services

PwC

Colombo, Western Province, Sri Lanka (On-Site)
9 Months ago
hogarth - Language Auditor (Bahasa Indonesia, Freelance)

hogarth

Jakarta, Indonesia (On-Site)
1 Month ago
Alpha Sense - Sr. Accounts Receivable

Alpha Sense

New York, United States (On-Site)
1 Month ago
Scopely - Vice President, Head of Internal Audit

Scopely

California, United States (On-Site)
4 Months ago
Tesla - EMEA Financial Controller - Nordics

Tesla

Stockholm, Stockholm County, Sweden (On-Site)
4 Months ago
BioFire - Associate Director, Payroll

BioFire

Salt Lake City, Utah, United States (Hybrid)
1 Month ago

Get notifed when new similar jobs are uploaded

Jobs in Makati City, Metro Manila, Philippines

kaizen gaming  - Knowledge Base Executive

kaizen gaming

Manila, Metro Manila, Philippines (Hybrid)
2 Weeks ago
Trend Micro - Backend Engineer

Trend Micro

Manila, Metro Manila, Philippines (On-Site)
16 Years ago
bytedance - Shop Tab Strategist

bytedance

Taguig, Metro Manila, Philippines (On-Site)
3 Months ago
Power Integrations - Developer, Oracle EBS

Power Integrations

Pasig, Metro Manila, Philippines (On-Site)
9 Months ago
tic toe games - 2D Animator

tic toe games

Philippines (Remote)
2 Months ago
NCR Voyix - SAS Level 1 Support

NCR Voyix

Cebu City, Central Visayas, Philippines (On-Site)
3 Weeks ago
WebFX - Remote Copywriter: Technology & SaaS

WebFX

Philippines (Remote)
8 Months ago
ISS Stoxx - Junior Analyst - Mutual Fund Fee & Expense

ISS Stoxx

Makati City, Metro Manila, Philippines (Hybrid)
1 Month ago
WebFX - Remote Copywriter: Legal

WebFX

Philippines (Remote)
8 Months ago
Dialpad AI - Billing Support Representative

Dialpad AI

Pasig, Metro Manila, Philippines (Remote)
2 Months ago

Get notifed when new similar jobs are uploaded

Similar Category Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

About The Company

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 152 countries with over 327,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity.


Content on this page has been prepared for general information only and is not intended to be relied upon as accounting, tax or professional advice. Please reach out to your advisors for specific advice.

Bermuda (On-Site)

Santo Domingo, Distrito Nacional, Dominican Republic (On-Site)

Santo Domingo, Distrito Nacional, Dominican Republic (On-Site)

Calgary, Alberta, Canada (Hybrid)

Athens, Greece (Hybrid)

Kuala Lumpur, Federal Territory Of Kuala Lumpur, Malaysia (On-Site)

Kuala Lumpur, Federal Territory Of Kuala Lumpur, Malaysia (On-Site)

Neuilly-sur-Seine, Île-de-France, France (On-Site)

Mumbai, Maharashtra, India (On-Site)

View All Jobs

Get notified when new jobs are added by PwC

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug