Senior Digital Program Specialist - Application Security

As a Senior Digital Program Specialist on Application Security at the Asian Infrastructure Investment Bank (AIIB) based in Beijing, China, your role is vital in ensuring the secure development, deployment, and maintenance of the Bank's applications. You will need a unique blend of technical expertise in secure software development, a strong understanding of architectural principles, and the ability to align security practices with business objectives. Your responsibilities will include: - Define, implement, and oversee the Application Security framework, ensuring security is integrated into all stages of software development. - Partner with architects, developers, and cross-functional teams to design secure application architectures and define security requirements throughout the design, development, and deployment phases. - Conduct threat modeling and security design reviews for new and existing applications. - Perform static and dynamic code reviews to identify vulnerabilities and ensure adherence to secure coding standards. - Lead initiatives for automated security testing and integration into CI/CD pipelines. - Ensure applications meet external compliance and internal security requirements, and industry standards such as ISO and OWASP. - Collaborate with project managers, product owners, and business stakeholders to align application security initiatives with business objectives, while fostering a culture of security awareness across all phases of the SDLC. - Support cybersecurity incident response efforts related to application security. - Continuously monitor and improve application security processes based on industry trends, emerging threats, and lessons learned. - Define the key risk indicators and key control indicators for application security, and support application security-related audit and control testing. Qualifications required for this position include: - Bachelor's degree in computer science, software engineering, information security, or in a related discipline. Master's degree would be a plus. - 8-10 years of relevant working experience in application security and relevant fields, preferably with financial institutions. - Proficient in at least one programming language (e.g., .NET/C#, Java, JavaScript, Python). - Hands-on experience with application security tools such as SAST, DAST, IAST, and RASP. - In-depth knowledge of secure coding practices, application architecture, including microservices, APIs, and cloud-native design patterns, to effectively assess and secure complex application ecosystems. - Strong understanding of information security standards and frameworks, including ISO 27001 and 27034, NIST SP800-218, OWASP Top 10 and SAMM, MITRE ATT&CK, etc. - Security certifications such as CISSP, CSSLP, CASE, GSSP, OSWE, or relevant Cloud certifications would be an advantage. - Strong business acumen and the ability to balance technical security needs with business priorities. - Strong reporting, writing, and communication skills, fluent in oral and written English. - Ability to work effectively in a multicultural organization. - Strong interpersonal and influencing skills, able to interact effectively with internal and external stakeholders. Join AIIB in creating a prosperous and sustainable Asia while growing your career in a diverse and innovative environment. AIIB is committed to diversity, transparency, and inclusion, encouraging applications from individuals worldwide, regardless of nationality, religion, gender, race, disability, or sexual orientation. As a Senior Digital Program Specialist on Application Security at the Asian Infrastructure Investment Bank (AIIB) based in Beijing, China, your role is vital in ensuring the secure development, deployment, and maintenance of the Bank's applications. You will need a unique blend of technical expertise in secure software development, a strong understanding of architectural principles, and the ability to align security practices with business objectives. Your responsibilities will include: - Define, implement, and oversee the Application Security framework, ensuring security is integrated into all stages of software development. - Partner with architects, developers, and cross-functional teams to design secure application architectures and define security requirements throughout the design, development, and deployment phases. - Conduct threat modeling and security design reviews for new and existing applications. - Perform static and dynamic code reviews to identify vulnerabilities and ensure adherence to secure coding standards. - Lead initiatives for automated security testing and integration into CI/CD pipelines. - Ensure applications meet external compliance and internal security requirements, and industry standards such as ISO and OWASP. - Collaborate with project managers, product owners, and business stakeholders to align application security initiatives with business objectives, while fostering a culture of security a