Technology Application and Platform Senior Associate

SCOPE & AUTHORITY

1. Application Security

• Perform application security reviews, static/dynamic code analysis (SAST/DAST), and threat modeling for internal and third-party applications.
• Collaborate with software engineering teams to integrate security into the software development lifecycle (SDLC).
• Work with DevSecOps tools and practices to automate security checks in CI/CD pipelines.
• Ensure secure coding standards are adhered to and conduct secure code reviews where necessary.

2. Platform & Cloud Security

• Secure cloud-native platforms (e.g., AWS, containers, serverless) by validating architecture and configurations against best practices and regulatory requirements.
• Assess vulnerabilities and hardening of core platforms (e.g., Linux, Kubernetes, databases, application runtimes).
• Provide guidance on identity and access management (IAM), secrets management, and least-privilege enforcement.

3. Risk Assessment & Remediation

• Perform security assessments of new platforms, third-party tools, and APIs.
• Collaborate with IT, DevOps, and business units to resolve identified risks and ensure timely closure of security issues.
• Monitor for application and platform-related security events and support incident response when needed.

4. Governance & Compliance

• Contribute to the development and implementation of security policies, standards, and guidelines related to applications and platforms.
• Ensure alignment with regulatory expectations (e.g., BNM RMIT, PCI-DSS, ISO 27001) and internal audit findings.
• Maintain documentation of security architecture decisions and risk mitigation measures.

5. Awareness & Training

• Promote security awareness and best practices among developers, architects, and platform engineers.
• Conduct internal knowledge sharing or training sessions on secure development and platform configuration.

Education & Experience

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
• 5–8 years of experience in cybersecurity, with a focus on application and/or cloud platform security.
• Experience with security tools like Burp Suite, OWASP ZAP, Checkmarx, Veracode, Aqua, Sysdig, or similar.
• Experience with cloud platforms (e.g., AWS, GCP), container security, and infrastructure-as-code is a plus.

Certifications (Preferred)

• CEH, OSCP, GIAC (GWAPT/GWEB), CISSP, or equivalent security certifications.

Skills & Competencies

• Strong understanding of web/mobile app vulnerabilities (OWASP Top 10, CWE).
• Familiarity with DevSecOps principles and tools.
• Solid communication skills to work effectively across engineering and business teams.
• Analytical mindset with a passion for proactive threat prevention.