Application Security Advisory
at SCB X PCL
The Application Security Advisor plays a key role in safeguarding our software development lifecycle (SDLC) by integrating security best practices and DevSecOps principles into it. This role will also manage the governance of our penetration testing efforts, including the annual selection and oversight of a pentester panel, and coordinate comprehensive application security testing initiatives. The ideal candidate is a security expert with a blend of technical knowledge and strategic insight, capable of advising cross-functional teams and ensuring that security is embedded throughout the development process.
Key Responsibilities
Security Strategy and Group Assessments
- Support regular group assessments to evaluate security risks, security maturity and compliance gaps across SCBX Group.
Policy, Procedures, Standards & Guidelines
- Support the development, review, and update of security policies, procedures, standards, and guidelines to ensure robust organizational controls.
- Regularly update documentation to reflect the evolving threat landscape and regulatory requirements.
Security Consultation
- Lead conversations with senior leadership across SCBX Group and provide value-added insights on delivered outcomes.
- Develop a comprehensive proposal and project plan that secures buy-in from senior stakeholders, while establishing an effective delivery approach for the working group to ensure successful project delivery and valued outcomes.
- Embrace creative problem-solving and flexible approaches to navigate challenges, ensuring that critical outcomes are consistently achieved while effectively managing obstacles.
- Provide expert guidance and recommendations to internal and external stakeholders on the best security practices and solutions to address operational and compliance issues.
- Recommend improvements for security governance and operational resilience.
SDLC Security & DevSecOps Integration
- Develop and implement security frameworks and best practices within the SDLC to minimize vulnerabilities.
- Collaborate with development, operations, and security teams to embed security controls and processes within continuous integration/continuous deployment (CI/CD) pipelines.
- Advise on the integration of automated security testing tools and manual assessments throughout development, staging, and production phases.
- Monitor and evaluate the effectiveness of security controls, adjusting strategies as required.
Pentester Governance & Annual Panel Selection
- Oversee and manage the overall pentesting program, including planning, scoping, and executing external and internal penetration tests.
- Develop and enforce governance policies for third-party penetration testing, ensuring compliance with internal and industry standards.
- Lead the annual selection process of the pentester panel by evaluating vendor capabilities, reviewing performance metrics, and coordinating panel evaluations.
- Collaborate with legal, procurement, and compliance teams to negotiate contracts and service level agreements (SLAs) with selected vendors.
Application Security Testing
- Define and maintain comprehensive application security testing strategies, including static and dynamic code analysis, vulnerability assessments, and risk management.
- Coordinate regular security assessments, penetration tests, and vulnerability remediation efforts.
- Analyze findings from testing activities and provide actionable recommendations to mitigate risks.
- Work with development teams to ensure security testing is integrated into agile and DevOps methodologies.
Qualifications
Experience
· Minimum of 7 years in information security consultancy, with a proven track record in application security, DevSecOps integration, vulnerability management and penetration testing.
· Demonstrated expertise in developing and implementing security frameworks and policies that embed secure coding practices and automated security testing within complex, enterprise-level SDLC environments.
· Deep understanding of global security frameworks, including NIST, ISO 27001/27002, PCI-DSS, BOT and CIS Controls.
· Extensive experience in conducting large-scale security assessments, performance measurements, risk management, and security strategy development that align with organizational objectives.
· Relevant certifications such as CISSP, CISM, CRISC, OSCP, or equivalent are highly desirable.
Key Competencies
· Technical Proficiency: In-depth knowledge of application security testing methodologies (SAST, DAST, IAST) and secure integration practices within CI/CD pipelines.
· Vendor Management & Governance: Strong capability in managing third-party penetration testing programs, including the annual selection and governance of pentester panels to ensure high-quality assessments.
· Analytical Skills: Exceptional ability to analyze complex security challenges across development and production environments and to devise effective mitigation strategies.
· Collaboration & Communication: Proven track record of working with diverse teams and influencing decision-making at all organizational levels through clear, concise communication.
· Adaptability & Continuous Improvement: Flexible and responsive in a fast-changing security landscape, with a commitment to continuous improvement and staying current with emerging trends and threats.
Skills
· Strategic thinking and risk management
· Technical expertise in application security testing methodologies
· Vendor management and contract negotiation
· Strong problem-solving and analytical abilities
· Excellent written and verbal communication skills
Why Join Us?
Innovative Environment: Work in a cutting-edge environment where your expertise drives impactful security solutions.
Career Growth: Opportunities for professional development and advancement.
Collaborative Culture: Join a team of dedicated professionals committed to maintaining a secure digital ecosystem.
Experience required
- any or no experience
Salary
- Negotiable
Job function
- Security
Job type
- Full-time
Company overview
SCBX is the mothership of the financial technology business group comprising Siam Commercial Bank, SCB 10X Co., Ltd., Card X Co., Ltd., InnovestX Securities Co., Ltd., Purple Ventures Co., Ltd., and other companies. Aspiring to become ‘The Most Admired Regional Financial Technolo ...
Why join us: At SCB X, you will be part of an organization that is moving boldly into the future, ready to transform traditional finance through innovation and technology. We offer a challenging work environment that is open to new ideas, and we give you the opportunity to work alongside teams with diverse expertise. We foster a corporate culture that ...
Benefits
- Remote work
- Variable Bonus
- Hybrid Working