Application Security Manager

2 days ago


Kuala Lumpur, Kuala Lumpur, Malaysia · Great Eastern · Full time · 120,000 - 200,000 per year

About the Job

The Manager, Application Security is responsible for strengthening our enterprise application security posture. This is a hands-on individual contributor role responsible for performing penetration testing, secure code review, software composition analysis, container image assurance, and vulnerability assessments, as well as managing findings and supporting compliance with financial industry regulations. The role requires strong technical expertise, practical testing skills, and familiarity with regulatory requirements such as MAS TRM Guidelines and BNM RMiT Policy Document.

  • Conduct penetration testing for web, mobile, and API applications.
  • Perform secure code reviews, software composition analysis, and container image assurance to identify vulnerabilities early in the SDLC.
  • Perform vulnerability assessments for applications, middleware, and supporting systems.
  • Utilise industry-standard tools such as Burp Suite, OWASP ZAP, Fortify, Checkmarx, Black Duck, Nessus, Aqua and Qualys.
  • Triage, validate, and prioritise security findings from security assessments.
  • Work with development, DevOps, and infrastructure teams to ensure timely remediation.
  • Track and report remediation progress, ensuring closure within timelines required by regulatory instruments and Technology Security Standards.
  • Provide guidance to developers and project teams on secure coding practices.
  • Embed application security controls and tools (SAST, DAST, SCA, IAST) into CI/CD pipelines.
  • Maintain security documentation and provide evidence for audits and regulatory reviews.
  • Ensure compliance with internal policies, regulatory obligations, and industry best practices.
  • Support audits, risk assessments, and regulatory inspections involving application security.

We are looking for people with

  • Bachelor's degree in Information Security, Computer Science, or related field.
  • Professional certifications such as CREST, OSCP+, OSEP, or GPEN.
  • 7+ years of IT security experience, with at least 4 years of direct experience in project-based and annual penetration testing for web, mobile, and API applications.
  • Experience in secure code reviews, software composition analysis, container image assurance, and vulnerability assessments.
  • Strong technical knowledge of web, mobile, and API security, including OWASP Top 10 and common attack vectors.
  • Hands-on expertise with the security testing tools mentioned above.
  • Working knowledge of MAS TRM, MAS Cyber Hygiene, and BNM RMiT requirements.

How you succeed

  • Champion and embody our Core Values in everyday tasks and interactions.
  • Demonstrate a high level of integrity and accountability.
  • Take initiative to drive improvements and embrace change.
  • Take accountability for business and regulatory compliance risks, implementing measures to mitigate them effectively.
  • Keep abreast of industry trends, regulatory compliance, and emerging threats and technologies to understand and highlight potential concerns/risks to safeguard our company proactively.

Who we are

Founded in 1908, Great Eastern is a well-established market leader and trusted brand in Singapore and Malaysia. With over S$100 billion in assets and more than 16 million policyholders, including 12.5 million from government schemes, it provides insurance solutions to customers through three successful distribution channels – a tied agency force, bancassurance, and financial advisory firm Great Eastern Financial Advisers. The Group also operates in Indonesia and Brunei.

The Great Eastern Life Assurance Company Limited and Great Eastern General Insurance Limited have been assigned the financial strength and counterparty credit ratings of "AA-" by S&P Global Ratings since 2010, one of the highest among Asian life insurance companies. Great Eastern's asset management subsidiary, Lion Global Investors Limited, is one of the leading asset management companies in Southeast Asia.

Great Eastern is a subsidiary of OCBC, the longest established Singapore bank, formed in 1932. It is the second largest financial services group in Southeast Asia by assets and one of the world's most highly-rated banks, with an Aa1 rating from Moody's and AA- by both Fitch and S&P. Recognised for its financial strength and stability, OCBC is consistently ranked among the World's Top 50 Safest Banks by Global Finance and has been named Best Managed Bank in Singapore by The Asian Banker.

To all recruitment agencies:
Great Eastern does not accept unsolicited agency resumes. Please do not forward resumes to our email or our employees. We will not be responsible for any fees related to unsolicited resumes.


