Senior Digital Program Specialist - Application Security

北京市
长期
全职

8天前

The Asian Infrastructure Investment Bank (AIIB) is a multilateral development bank whose mission is Financing Infrastructure for Tomorrow in Asia and beyond-infrastructure with sustainability at its core. We began operations in Beijing in 2016 and have since grown to 110 approved members worldwide. We are capitalized at USD100 billion and AAA-rated by the major international credit rating agencies. Collaborating with partners, AIIB meets clients' needs by unlocking new capital and investing in infrastructure that is green, technology-enabled and promotes regional connectivity.The Information Technology Department (ITD) provides technical services in the areas of digital services, IT-related procurement, cybersecurity, IT risk and resilience, data management, digital learning, and digital transformation, ensuring overall alignment with the Bank's needs and priorities. The team oversees the development and refinement of the IT strategy, the effective management of technology resources, and the provision of technical support across Bank operations. These efforts are critical to fostering a digital and data-driven culture within the Bank in alignment with its Corporate Strategy, promoting the innovation of digital infrastructures, and ensuring the smooth operation and security of daily functions.ITD is seeking a highly skilled and motivated Senior Digital Program Specialist for application security. This position plays a pivotal role in ensuring that the Bank's applications are developed, deployed, and maintained securely. This role requires a unique blend of technical expertise in secure software development, a strong understanding of architectural principles, and the ability to align security practices with business objectives. The ideal candidate will have a solid grasp of application architecture and design patterns, secure coding practices, threat modeling, and a proactive approach to integrating security throughout the software development lifecycle (SDLC).Responsibilities:

Define, implement, and oversee the application security framework, ensuring that security is integrated into all stages of software development.
Partner with architects, developers, and cross-functional teams to design secure application architectures and define security requirements throughout the design, development, and deployment phases.
Conduct threat modeling and security design reviews for new and existing applications.
Perform static and dynamic code reviews to identify vulnerabilities and ensure adherence to secure coding standards.
Lead initiatives for automated security testing and integration into CI/CD pipelines.
Ensure that applications meet external compliance and internal security requirements and industry standards such as ISO and OWASP.
Collaborate with project managers, product owners, and business stakeholders to align application security initiatives with business objectives, while fostering a culture of security awareness across all phases of the SDLC.
Support cybersecurity incident response efforts related to application security.
Continuously monitor and improve application security processes based on industry trends, emerging threats, and lessons learned.
Define the key risk indicators and key control indicators for application security, and support application security related audit and control testing.

Requirements:

Bachelor's degree in computer science, software engineering, information security, or a related discipline. Master's degree would be a plus.
8-10 years of relevant working experience in application security and relevant fields, preferably with financial institutions.
Proficient in at least one programming language (e.g., .NET/C#, Java, JavaScript, Python).
Hands-on experience with application security tools such as SAST, DAST, IAST, and RASP.
In-depth knowledge of secure coding practices, application architecture, including microservices and APIs, and cloud-native design patterns, to effectively assess and secure complex application ecosystems.
Strong understanding of information security standards and frameworks, including ISO 27001 and 27034, NIST SP800-218, OWASP Top 10 and SAMM, and MITRE ATT&CK.
Security certifications such as CISSP, CSSLP, CASE, GSSP, OSWE, or relevant Cloud certifications would be an advantage.
Strong business acumen and the ability to balance technical security needs with business priorities.
Strong reporting, writing, and communication skills. Fluent in oral and written English.
Ability to work effectively in a multicultural organization.
Strong interpersonal and influencing skills. Able to interact effectively with internal and external stakeholders.

AIIB is committed to diversity, transparency, and inclusion. We believe our strength comes from having a team with the right diverse skills, experiences, and abilities selected through a merit-based competitive process. We actively encourage applications from people from both within and outside AIIB members, regardless of nationality, religion, gender, race, disability, or sexual orientation.Previous experience and qualifications will determine the grade and job title at which successful applicants will enter AIIB.Join us and help create a prosperous and sustainable Asia while growing your career in a diverse and innovative environment.

Asian Infrastructure Investment Bank

立即申请