Application Security Manager

1. Primary Purpose of Job / Value Added on the Positions主要工作目标

In just a few sentences, broadly describe the main purpose of the job.  Indicate what is done and why (outcome).  i.e., answer the question, “Why does the job exist?

用简单的几句话大致描述岗位设置的目的，请说明该岗位的设置对部门及公司运营的作用。

JLRC is searching for experienced candidates for the position of  Application Security Manager. The Application Security Manager reports directly to the VP, IT Security and Compliance, but works closely with development teams, product teams, and other teams across the organization to integrate security into the product lifecycle from design through deployment. The Application Security Manager is a subject matter expert in defining security requirements, performing application security assessments, and providing developers with remediation guidance and advice.

2. Key Accountabilities岗位职责
   (Major functions of the position 职位的首要职能)

12. Work independently with developers, product owners, and other colleagues to ensure secure design, development, and implementation of applications and networks
13. Participate in security architecture design reviews with each project (primarily on cloud)
14. Assist project teams in implementing security measures to meet corporate policies and external regulations
15. Provide remediation guidance and recommendations to developers and administrators
16. Develop and deliver training around secure development lifecycle and secure coding practices
17. Participate in the development of information security strategies, roadmaps, policies and standards
18. Lead the design, configuration and integration of enterprise security solutions
19. Review existing architecture, identifying design gaps, and recommends security enhancement

3. Position Requirements 岗位要求

Education and Qualifications

教育和学历

• BS in Computer Science or equivalent, 7 plus years’ experience in security operations and architecture
• Security related certification (CISSP, CISM...) greatly appreciated

Experience

工作经验

• Experience working with development teams to build secure solutions
• Experience implementing, managing or governing security technologies, including encryption, mobile application security, network security, intrusion detection and digital forensics
• Experience with code review from security perspective
• Experience developing security domain architectures and standards
• Experience in assessing security risks

Knowledge and Skills

(general and technical)

知识和技能

• Strong familiarity with common vulnerabilities and attack vectors
• Strong understanding of cloud (preferably AWS/Ali Cloud), big data technologies and internet
• Knowledge of web service technologies, load balancer services and RESTful APIs
• Knowledge of ubiquitous encryption technologies and common authentication protocols
• Solid understanding of secure network and system design in both the cloud and conventional environments

5.  Competency Requirements 能力要求

The ability to communicate clearly at all levels, demonstrating strong verbal and written communication skills

Professional certifications in Information Security（e.g., CISSP）or Cloud Security preferred

English Language Ability: Professional Working Proficiency