Application Security Manager

6 Months ago • 5-7 Years • Cyber Security

Job Summary

Job Description

Application Security Manager with 5+ years of experience managing and delivering security tests and compliance reviews. Expertise in OWASP, network protocols, popular security tools like Nmap, Nessus, BurpSuite, and experience in Vulnerability Assessment and Penetration Testing (VAPT).
Must have:
  • OWASP knowledge
  • Security tools
  • VAPT experience
  • Compliance reviews
Good to have:
  • Red team
  • Exploit code
  • MITRE ATT&CK
  • DevSecOps

Job Details

Line of Service

Advisory

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Manager

Job Description & Summary

A career in our Security Architecture practice, within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. You’ll play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrating and managing new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detecting, responding to, and remediating threats.

In joining, you’ll be a part of a team that helps organisations design and create sustainable security solutions to provide foundational capabilities and operational discipline through a focus on enterprise requirements and prioritisation, Information Technology security architecture, and the software development lifecycle.

Job Responsibilities:

  • Manage, direct and deliver cyber-attack simulations as part of the RED team activity
  • Manage, direct and deliver Vulnerability Assessment (VA), Penetration Testing (PT) and configuration reviews for network, web, mobile and thick-client applications, APIs, POS, etc.
  • Manage, direct and deliver source-code review using automated and manual approaches, review results to eliminate false positives
  • Manage, direct and deliver configuration reviews for OS, DB, firewalls, routers, switches and other security devices/components
  • Perform and deliver gap analysis and assessments based on standards, guidelines, notices and circulars (e.g., ISO27K1, MAS TRM, HKMA, etc.)
  • Prepare and review detailed reports and ensure timely delivery of status updates and final reports to clients

Provide technical guidance with respect to the development and execution of our key application security service offerings, including:

  • conducting assessments of applications (web, cloud, mobile, API) using a range of manual and automated source code review techniques;
  • performing security architecture reviews and risk assessments for applications in design and production phases;
  • identifying potential threats and attacks to applications systems through threat modeling;
  • identifying security recommendations and aligning them to appropriate risk ranking systems;
  • integrating application security tools and processes into the pipeline;
  • agile penetration testing; evaluating, developing, enhancing and/or running application security programs for our clients;
  • conducting the above with a specific focus on DevSecOps.
  • Manage client stakeholders, provide project status updates, discuss findings and explain recommendations
  • Work with clients to analyze, evaluate, and enhance the effectiveness of their application/product security posture at procedural and technological levels from design to deployment.
  • Keep abreast of the latest IT security news, exploits and hacks

Essential Skills:

  • Manage projects, team members and client stakeholders for successful delivery
  • Manage project economics
  • Thorough and practical knowledge of OWASP, network protocols, data on the wire, and covert channels
  • Hands-on experience with popular security tools – Nmap, Nessus, Kali, Metasploit, BurpSuite, Netsparker, OWASP CSRF Tester, Fortify/Checkmarx, SonarQube, Synopsys, SQLite browser, Drozer
  • Working knowledge of manual testing of web applications
  • Understands Software Development Life Cycle and SOAP, REST and GraphQL APIs
  • Skills in performing VAPT for Web applications, Mobile applications, APIs, Network infrastructure, Thick client applications
  • Good knowledge of modifying and compiling exploit code
  • Good understanding and knowledge of coding languages
  • Has practical experience in auditing various OS, DB, Network and Security technologies
  • Strong understanding of Unix/Linux/Mac/Windows operating systems, including bash and PowerShell

Experience in at least three of the following:

  • Set up and operate red team infrastructure
  • Perform targeted, covert penetration tests with vulnerability identification, exploitation, and post-exploitation activities
  • Email, phone, or physical social-engineering assessments
  • Developing, extending, or modifying exploits, shellcode or exploit tools
  • Reverse engineering malware, data obfuscators, or ciphers
  • Strong credentials in wireless, web application, and network security testing
  • Familiar with MITRE ATT&CK framework and D3FEND matrix

Educational Requirements & Experience

  • Bachelor's in Computer Science/IT/Electronics Engineering or equivalent university degree.
  • Minimum of 5-7 years of experience in managing and delivering security tests and compliance review projects.
  • Certifications: CREST CRT, CREST CPSA, Offensive Security Certified Professional (OSCP), GIAC Certified Web Application Defender (GWEB)
  • Other Certifications: OSWP, BSCP, Certified Red Team Professional

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required: Bachelor of Science - Information Technology

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

No

Government Clearance Required?

Yes

Job Posting End Date


About The Company

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 152 countries with over 327,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity.


Content on this page has been prepared for general information only and is not intended to be relied upon as accounting, tax or professional advice. Please reach out to your advisors for specific advice.
