CLIENT:
Our executive search client is one of the most progressive digital banks in the Philippines now.
JOB DESCRIPTION
• Develop, integrate, and manage the product (mobile app / mobile) security team. Directs and mentors staff in identifying, developing, implementing, and maintaining security programs and practices across the product development and production environments
• Provide strategic direction, set objectives, and structure and resource UnionDigital Bank and the work in a way that improves the impact of the team and provides a paved path to a leadership position among SaaS providers, inclusive of application security, mobile security, and data security
• Develop, integrate, and manage the product security programs and capabilities to an industry-leading position, finding opportunities to improve our existing approach, and helping to guide the team to unlock that potential
• Develop, integrate, and manage strong relationships within the product, engineering and operations teams in order to implement the appropriate security controls to protect UnionDigital Bank’s applications, infrastructure, and data
• Develop, integrate, and manage UnionDigital Bank’s mobile app / mobile security development lifecycle
• Research and advocate for new UnionDigital Bank’s mobile app / mobile security solutions and technologies
• Improve secure coding practices, application security requirements, automation, training, and metrics
• Be a thought leader and subject matter expert on security architecture and technology in device security, mobile security and compute infrastructure in AWS
• Conduct manual source code business security audits
• Research of security technologies and security attack and defense solutions for mobile and mobile app
• Develop and adopt Security and Compliance tools and processes for AWS, API, Kubernetes and 3rd party’s tools, and work with DevSecOps to enforce it
JOB QUALIFICATION
• Bachelor’s degree preferred in Information Security, Computer Science or related field preferred
• 5+ years of experience leading product (mobile / mobile app) security, cyber, design, etc.
• 5+ years of experience in security, cyber, design, relevant iOS and Android based apps
• 5+ years of code / programming experience (secure programming)
• 3+ years managing a Product (mobile / mobile app) security or similar team
• Prior experience with AWS, Linux and/or Kubernetes is desirable.
• Demonstrated leadership, team management, and decision-making skills
• In depth knowledge of device, firmware and hardware security as well as public cloud architectures
• Experience in secure device provisioning, management and supply chain security
• Experience performing threat modeling and design reviews to assess security implications and requirements
• Experience in defining and documenting security reference architectures and standards
• Experience with implementing common security frameworks and controls in highly automated environments, especially in CI/CD environments
• Proven leadership in leading Agile software development methodology and apply rapid delivery of features and releases using CI/CD
• Significant experience designing and developing cloud-based software solutions for AWS or other similar cloud platforms
• Significant experience with APIs, web services, and general integration challenges and solutions and with API centric integration
• Mobile App and Mobile Web technologies
• Knowledge of application security and secure software development practices such as Secure Software Development Life Cycle
• Knowledge of information security standards and frameworks such as OWASP, NIST, SANS, etc.
• Security reviews for Code/Design/Architecture and threat modeling
• Experience securing Cloud environments / AWS
• Experienced with security development methodologies and standards
• Experience with web application security and API analysis.
• Deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
• Good knowledge of secure coding best practices and ability to guide R&D teams on how to write secure code
ACTIVE DATES
Urgent