Head of Application Security Engineering

G-Xchange Inc.
Full-time
On-site
NCR - WGC Philippines

Do you want to take the first step in making Filipinos’ lives better every day? Here in GCash, we want to stay at the forefront of the FinTech industry by creating innovative, meaningful, and convenient financial solutions for the nation! G ka ba? Join the G Nation today!

Key Responsibilities:

Leadership and Collaboration

  • Lead and mentor a team of application security engineers to support agile tribes in adopting secure coding practices.
  • Collaborate with product managers, development teams, and DevOps engineers to integrate security seamlessly into the SDLC (Software Development Lifecycle).
  • Serve as the subject matter expert for application security within the organization.

Secure Coding Practices

  • Define, implement, and enforce secure coding guidelines across all agile tribes.
  • Conduct regular code reviews and threat modeling sessions to identify and mitigate vulnerabilities early.
  • Promote the use of static and dynamic application security testing (SAST/DAST) tools and practices.

Program Development

  • Develop and drive an application security roadmap aligned with organizational goals.
  • Introduce secure design principles (e.g., OWASP Top Ten, SANS/CWE) into new and existing projects.
  • Champion the integration of security as a key success metric within agile workflows.

Awareness and Training

  • Design and deliver targeted security training for developers and stakeholders.
  • Advocate for a security-first mindset, promoting awareness and ownership of secure coding across the organization.

Compliance and Risk Management

  • Ensure alignment with relevant security and privacy standards, such as GDPR, ISO 27001, and PCI-DSS.
  • Oversee the management of vulnerabilities, driving remediation efforts and tracking progress.
  • Work closely with cybersecurity teams to ensure consistent risk management and reporting.

Required Qualifications:

Technical Expertise:

  • Proven experience in application security, secure software development, or a related field.
  • Hands-on experience with security tools (e.g., SAST/DAST, IAST, RASP) and secure coding frameworks.
  • Deep knowledge of programming languages such as Python, Java, C#, JavaScript, or Go, and their associated security pitfalls.

Leadership and Collaboration:

  • Exceptional ability to influence, mentor, and lead diverse teams in an agile environment.
  • Strong communication skills to convey complex security concepts to technical and non-technical audiences.
  • Experience collaborating with DevSecOps teams and implementing CI/CD security pipelines.

Certifications (Preferred):

  • Certified Information Systems Security Professional (CISSP)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Offensive Security Certified Professional (OSCP) or equivalent

Personal Attributes:

  • Passionate about innovation and secure development.
  • Strong analytical and problem-solving skills.
  • Demonstrated ability to balance security needs with agile delivery requirements.

What We Offer

  • Opportunity for career growth and development in the #1 FinTech company in the country
  • Working with a dynamic and highly collaborative team who want to change the game
  • A company that values its people with a highly competitive and flexible compensation and benefits package