Application Security Architect

Head of Cyber Security

The role of an Application Security Architect encompasses a wide range of responsibilities centred around ensuring the security and efficient operation of software and web applications from inception to retirement. This role is pivotal in ensuring the MAGs applications are secure, compliant, and running efficiently. It requires staying abreast of the latest security trends and technologies, especially in the rapidly evolving domain of cloud-native applications.

• General Accountabilities
  
  1. Integrate security tools, standards, and processes into the Product Life Cycle (PLC), ensuring compliance with SDLC and OWASP Top 10.
  2. Enhance API security using tools like GIT, SCA, and WebInspect.
  3. Improve deployment of application security tools for static analysis and runtime testing.
  4. Maintain secure development standards for technologies like C, JavaScript (Jscript), and PHP.
  5. Support incident response and architecture reviews with application security expertise.
  6. Develop metrics and performance analyses using platforms like Jira.
  7. Ensure compliance with security standards using Microsoft Security solutions.
  8. Integrate DevSecOps into development processes, supporting Agile, Waterfall, and SCRUM methodologies.
• Application Security Oversight
  
  1. Develop and enforce application security policies and procedures.
  2. Conduct security assessments using tools like WebInspect and Metasploit.
  3. Code and API Security Management.
  4. Secure application code and APIs with reviews, secure coding practices, and tools like WebInspect.
  5. Monitor APIs for unauthorized access and ensure compliance with standards.
• CNAPP Administration
  
  1. Manage Cloud-Native Application Protection Platforms to address security threats and vulnerabilities.
  2. Risk Assessment and Mitigation
  3. Identify security risks and implement mitigation strategies to minimize impacts.
• Digital Lifecycle Management
  
  1. Coordinate system updates, patches, and upgrades using databases like mySQL and MS SQL.
• Other Capabilities
  1. Maintain expertise in platforms like J2EE, .NET, and API management for interoperability.
  2. Align security design and deployment standards with DevSecOps and Agile practices using tools like Jira.

• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.
• 13 - 15 years of working experience in Information Technology, application security, IT security, or a related field.
• Experience in Aviation Industry will be added advantages.

Major Requirements: Active Directory, SDLC, OWASP10. GIT, GCC, Jira, SCA, , WebInspect, C, Jscript, PhP, Xcode15, DevSecOps, Metasploit, Agile & Waterfall methodologies, SCRUM, mySQL & MS SQL.

• Strong understanding of regulatory requirements and industry standards relevant to data protection and privacy.
• Strong knowledge of secure coding practices, application security measures, and API security.