IT Security Application Team Leader

1. IT Security Engineering & Development
- Support strategic planning and execution of the bank’s information security roadmap.
- Advise on the design and implementation of cross-domain security solutions.
- Lead complex incident response operations and post-incident analysis.
- Conduct cybersecurity research to anticipate threats and inform architecture design.
- Propose strategic and operational plans for secure system development.
- Research and design security solutions covering network, application, endpoint, and data security.
- Develop secure programming standards based on CWE/SANS Top 25, OWASP.
- Perform security risk modeling and source code reviews.
- Assess emerging vulnerabilities and implement proactive defenses.
- Collaborate with monitoring and incident response teams to address attack events.

2. IT Security Implementation
- Develop and execute security assessments for IT projects and systems.
- Conduct vulnerability assessments and penetration testing (Vulnerability Assessment & Penetration Testing) on:
- Web applications, Mobile applications (iOS & Android), API, Winform.
- Server systems (Windows, Linux), databases, network infrastructure, and cloud environments.
- Review and optimize security configurations on servers, network devices, security appliances, and storage systems.

3. IT Security Operations
- Update and manage security vulnerabilities in IT systems, develop and implement remediation plans.
- Maintain and ensure compliance with PCI DSS certification and NHNN security standards.
- Operate and maintain critical security systems such as SIEM, IPS/IDS, DLP, PIM.
- Collaborate with relevant departments to implement security measures such as patch management, antivirus management, and endpoint protection.

4. Vulnerability Management
- Continuously update and monitor security vulnerabilities, malware threats, and risks; analyze and provide recommendations for remediation.
- Conduct regular security assessments (VA, Pentest, ASV, APT, segment test) for operating systems, applications, databases, and networks.
- Manage, monitor, and ensure remediation of all detected security vulnerabilities in IT services.

5. Other Responsibilities
- Support cross-functional tech projects.
- Conduct training and mentoring programs to build internal capabilities.
- Assist in career development planning within the security function.
- Perform other tasks as assigned by management.

Experience: Minimum of 2-5 years of experience in IT security, including security testing for web applications, mobile applications, server systems, and network devices.
Preferred Qualifications: Security certifications such as GPEN, LPT, CEH, OSCP, or equivalent penetration testing certifications.Candidates with CVEs or contributions to cybersecurity projects are highly preferred.

1. Education
- Bachelor's degree in Information Security, Cybersecurity, Cryptography, IT, Telecommunications, Computer Science, or related fields.
Technical Knowledge
- Proficiency in at least one programming language (PHP, Python, C/C++, Java) and understanding of Software - Development Life Cycle (SDLC).
- Strong knowledge of networking, security, server operating systems, Middleware, and databases.

2. Experience in:
- Security testing for Web, API, Mobile, Winform Applications, Network, Infrastructure, and OS.
- Identifying and assessing vulnerabilities in IT systems.
- Security standards such as PCI DSS, OWASP, and cybersecurity attack techniques.
- Reviewing security requirements in BRD and business processes before system development.

3. IT Proficiency
- Proficient in security testing tools, including:
- Information gathering, vulnerability scanning, and security exploitation tools.

4. Skills
- Strong documentation and report writing skills.
- Effective communication and presentation skills.
- Analytical and problem-solving abilities.
- Risk management skills.