Save Job
Posted 7mo ago

Manager, IT Security

@ Great Eastern
Malaysia
OnsiteFull Time
Responsibilities:Penetration testing, Code reviews, Vulnerability assessments
Requirements Summary:7+ years IT security experience; hands-on in penetration testing, secure code review, SCA, container security, vulnerability assessments; familiar with MAS TRM and BNM RMiT.
Technical Tools Mentioned:Burp Suite, OWASP ZAP, Fortify, Checkmarx, Black Duck, Nessus, Aqua Security, Qualys
Save
Mark Applied
Hide Job
Report & Hide
Job Description

The Manager, Application Security is responsible for strengthening our enterprise application security posture. This is a hands-on individual contributor role responsible for performing penetration testing, secure code review, software composition analysis, container image assurance, and vulnerability assessments, as well as managing findings and supporting compliance with financial industry regulations. The role requires strong technical expertise, practical testing skills, and familiarity with regulatory requirements such as MAS TRM Guidelines and BNM RMiT Policy Document.

  • Conduct penetration testing for web, mobile, and API applications.
  • Perform secure code reviews, software composition analysis, and container image assurance to identify vulnerabilities early in the SDLC.
  • Perform vulnerability assessments for applications, middleware, and supporting systems.
  • Utilise industry-standard tools such as Burp Suite, OWASP ZAP, Fortify, Checkmarx, Black Duck, Nessus, Aqua and Qualys.
  • Triage, validate, and prioritise security findings from security assessments.
  • Work with development, DevOps, and infrastructure teams to ensure timely remediation.
  • Track and report remediation progress, ensuring closure within timelines required by regulatory instruments and Technology Security Standards. 
  • Provide guidance to developers and project teams on secure coding practices.
  • Embed application security controls and tools (SAST, DAST, SCA, IAST) into CI/CD pipelines. 
  • Maintain security documentation and provide evidence for audits and regulatory reviews. 
  • Ensure compliance with internal policies, regulatory obligations, and industry best practices. 
  • Support audits, risk assessments, and regulatory inspections involving application security.

  • Bachelor’s degree in Information Security, Computer Science, or related field.
  • Professional certifications such as CREST, OSCP+, OSEP, or GPEN. 
  • 7+ years of IT security experience, with at least 4 years of direct experience in project-based and annual penetration testing for web, mobile, and API applications. 
  • Experienced in secure code reviews, software composition analysis, container image assurance, and vulnerability assessments. 
  • Strong technical knowledge of web, mobile, and API security, including OWASP Top 10 and common attack vectors. 
  • Hands-on expertise with security testing tools mentioned above. Ver 1.0 
  • Working knowledge of MAS TRM, MAS Cyber Hygiene, and BNM RMiT requirements