IT Application Security, Specialist

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.

As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.

To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.

If you believe in developing a better tomorrow, read on. 

About the Role

Location: Hochiminh City
Report to: Manager, IT Security & Asset Management
Function: Customer & Information Technology | Department: IT Security & Asset Management
Role: Individual Contributor

The Opportunity:
We are currently looking for an Application Security Engineering, Specialist who is responsible for:
- Ensure that applications and services are secured and implemented with the best security practices.
- Design and review security for various inter-connected application and infrastructures, especially in Cloud authentication, authorization, information protection, Compliance, and cryptographic controls for both cloud environment and on-premises.

Roles and Responsibilities:

1. Security Architecture Assessment (20%): ensure AIA Vietnam's applications for customers, agency and operations are well designed to protect data integrity and confidentiality.

• Responsible for working with application team to review security controls from design to implementation such as access control, authentication, secret management.
• Support review application vulnerabilities from multiple sources to build technical solutions to address security weaknesses.
• Responsible for reviewing new technology and systems to ensure compliance with Group standard.

2. Penetration testing & Security tool operation (40%): to ensure AIA Vietnam's applications have safeguard against potential threats.

• Responsible for coordinate with Application team, Service Delivery team to book the penetration testing.
• Manage external vendors to perform the penetration testing.
• Conduct Security Configuration Assessment / Static application security testing (SCA/SAST).
• Conduct Container Security Scan (CSS)
• Conduct Dynamic Application Security Test (DAST).

3. Security Tool Integration (40%): to ensure AIA Vietnam's infrastructure is integrated with AIA Group Security tools.

• Implement new security technologies as required to support a dynamic/challenging business environment.
• Identify operational opportunities to implement security orchestration and automation capabilities.
• Integrate with other internal systems and tools.
• Create and drive proactive monitoring and reporting for endpoint and system health including, patching, compliance, and other performance metrics.

Requirements:

• B.A Degree or higher in Information Technology related field.
• 4 years of experiences of information security domain, especially hands on experience for source code review, security operation
• Hands on experience in Programming such as .NET, java, or other scripting languages etc. is a plus
• Familiarity with Microsoft Azure Policy, Configuration, and Security Management tools is a plus.
• Security Certifications/licenses: OSCP, OSWE, Azure-related, Security+, CISA, CISSP is a plus.
• Good communication skills, especially in English to effectively work and negotiate with internal/external teams.
• Work under high pressure, goal oriented, and inspired to perform without outside help.

Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.