Application Security, Analyst

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.

As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.

To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.

If you believe in developing a better tomorrow, read on. 

About the Role

We are seeking a skilled Security Analyst with expertise in application penetration testing, source code review, scripting and is able to validate findings from penetration tests conducted by external vendors for web and mobile applications in both On-Prem and Cloud environments. The successful candidate will drive the remediation of findings to ensure compliance with Enterprise security policy and regulatory requirements. This candidate will also provide security design review, knowledge and experience in IAM, Threat Modelling.

WHAT YOU’LL BE DOING:

• Collaborate with application teams to understand the security requirements during design review.

• Facilitate discussions and meetings between application team and external pentest vendor.

• Preparing and performing pentests using automated tools and simulate attacker tactics manually for the assignments.

• Familiar with python for scripting automation.

• Familiar with API Security, Container Security, Azure Cloud Security controls, network controls such as firewall, web application firewall.

• Proactively review the findings identified from pentest and identify systemic code development vulnerability.

• The ability to identify security risks to the organization's environment and application security and resolve any false positive vulnerabilities from the pentest.

• Responsible for automating security controls and processes to provide improved metrics and operational support.

• Provide advices to application teams on vulnerability remediation.

• Knowledge of how to model threats and risks and know the controls vital to mitigate them.

• Identify weaknesses in user authentication and authorization in new application designs.

WE ARE LOOKING FOR SOMEONE WITH | YOU WILL HAVE:

• University degree in one of the following or related disciplines (Computer Science, Computer Engineering, Information Security, Information Systems).

• Preferably a holder of one or more of the following information security and audit qualifications: CISSP, CEH, GPEN, GWPT or similar.

• 4 - 6 years of experiences of information security domain, with experience in source code review and penetration testing.

• Identity Management and Access controls knowledge.

• Hands on experience in Java/JavaScript Programming, React, Python or other scripting languages.

• Knowledge of Cloud security and architecture such as Container level, Cluster level, Repo etc. Preferably with experience in Azure.

• Good interpersonal and communication skill, with integrity, proactive mentality, and ownership.

• Familiar with privilege user IDs management.

• Any of the following experiences would be an added advantage:

  • Experience with working on open-source software related to Intrusion Detection, Prevention, and File Integrity Monitoring Systems and Flow based solutions.

  • Experience coordinating and performing vulnerability assessments through the use of automated and manual tools.

  • Experience configuring, implementing, and using computer security and networking diagnostic/monitoring tools.

  • Knowledge of Windows and Linux patch management and related information security functions (authentication, encryption, iptables, SSL, Ciphers, etc).

  • Product knowledge on Cloud scanning and vulnerabilities.

Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.