Application Security Analyst, Technology Centre

Are you ready to shape a better tomorrow?

AIA Digital+ is a Technology, Digital and Analytics innovation hub dedicated to powering AIA to be more efficient, connected and innovative as it fulfils its Purpose to help millions of people across Asia-Pacific live Healthier, Longer, Better Lives.

If you are hungry and driven to play an active role in shaping a better tomorrow, we want to hear from you. Because the work we do at AIA Digital+ makes a difference in the lives of millions of people, every day. We will equip you with the critical skills, tools and technology, and endless opportunities to learn, contribute and thrive in a dynamic and exciting environment.

If you want to shape a brighter future at AIA Digital+, please read on.

About the Role

We are seeking a skilled security analyst with expertise in application source code review who is able to validate vulnerability surfaces identified by application scanning tools. The security analyst should be able to independently operate the application tools and have hands on technical expertise to differentiate genuine issues from false positives. The successful candidate will drive the remediation of findings to ensure compliance with Enterprise security policy and regulatory requirements. This candidate will also provide support to facilitate pentest activities.

Roles and Responsibilities:

• Review application code to identify security flaws and suggest secure coding best practices.
• Able to conduct security assessment using automated tools or manual methods to identify vulnerability, weaknesses, and potential exploits. This involves analysing code, configurations, and infrastructure to ensure application robustness.
• Good understanding of programming languages such as Java, Python, and other commonly used development tool.
• Familiar with python scripting automation and at least one other programming language.
• Good understanding of encryption, authentication and authorization, access control.
• Familiar with industry standard security frameworks such as OWASP.
• Drive discussions and remediation with application team.
• Familiar with API Security, Container Security, Azure Cloud Security controls, network controls such as firewall, web application firewall.
• Monitor and handle security patches for applications and ensure that vulnerabilities are addressed and remediated in a timely manner.
• Ability to identify application security issues, and assess their risk to the organization.
• Track and populate application security metrics.
• Develop, maintain and ensure security operation procedures are updated periodically.

Experience:

• 3 to 6 years of experiences of information security domain, with hands on experience in source code review and penetration testing.
• Identity Management and Access controls knowledge.
• Hands on experience in Java/JavaScript Programming, React, Python or other scripting languages.
• Knowledge of Cloud security and architecture such as Container level, Cluster level, Repo etc. Preferably with experience in Azure.
• Good interpersonal and communication skill, with integrity, proactive attitude, and ownership.
• Any of the following experiences would be an added advantage:
  • Experience with working on open-source software related to Intrusion Detection, Prevention, and File Integrity Monitoring Systems and Flow based solutions.
  • Experience coordinating and performing vulnerability assessments through the use of automated and manual tools.
  • Experience configuring, implementing, and leveraging computer security and networking diagnostic/monitoring tools.
  • Knowledge of Windows and Linux patch management and related information security functions (authentication, encryption, iptables, SSL, Ciphers, etc).
  • Product knowledge on application scanning and vulnerabilities.
  • Knowledge of DevSecOps or CICD pipeline experience.

Education:

• Degree in one of the following or related disciplines (Computer Science, Computer Engineering, Information Security, Information Systems).

Certifications/licenses:

• Preferably a holder of one or more of the following information security qualifications: CISSP, CEH, GPEN, GWPT or similar.

Build a career with us as we help our customers and the community live healthier, longer, better lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.