A. Job Objectives
Participate in the implementation, operation, and control of application and data-related security activities to ensure compliance with internal regulations and legal requirements, and to minimize the risk of data leaks and security vulnerabilities.
B. Main Responsibilities
1. Information Security Assessment
• Conduct security assessments for information systems according to plan
• Review security configurations and access control
• Monitor vulnerability remediation and non-compliance issues
2. Application Security
• Participate in the security process in the SDLC: review security requirements, support secure coding, perform SAST/DAST/SCA testing, conduct pre-go-live information security assessments, and coordinate with Dev, QA, and Infrastructure to address vulnerabilities
• Manage the operation of application security systems: Mobile Security, SAST, DAST
3. DLP System Operation
• Monitor alerts and handle DLP events
• Refine rules/policies
• Analyze data leakage cases
• Prepare periodic reports
• Data Classification & Protection: participate in building and implementing data classification, label data according to regulations, and propose appropriate protection measures for each classification level
4. Database Security
• Monitor and operate the Database Firewall/DAM system
• Track unusual database access
• Review database access rights
5. Reporting & Compliance
• Prepare periodic or ad-hoc operational reports as required
• Assist in providing documentation for audits/inspectors


