Application Security Manager
Full-time | Dhaka, BD
Responsible for ensuring that Web and Android Application Security best practices are properly implemented and for regular monitoring of secure application development. S/he should perform the application security analysis, security testing, penetration testing and internal vulnerability assessment to identify high risk areas and drive remediation for effective compliance against HIPAA, the HITECH Act and HITRUST requirements. S/he should produce analytical reports regularly and on demand to support Compliance & Security, and other line of business team requirements.
These duties to be performed in coordination with his/her immediate supervisor. The responsibility extends to maintain security policy and documentation up to date in collaboration with other Augmedix business units.
ESSENTIAL JOB FUNCTIONS:
- Working knowledge on software development lifecycle to understand software security risk and testing methods of web and Android application.
- Design test cases based on application and product design to conduct security testing at various level and exploit our exposure to vulnerabilities to secure end to end solution
- Conduct analysis on various reports generated from security tools such Static Code Analyzer, Dynamic Analyzer and other tools to prepare application security reports.
- Run vulnerability/penetration tests for web application, cloud hosts and android application to determine high risk vulnerabilities and industry threat alerts to understand which are applicable for Augmedix and then conduct exploit attack using Kali Linux, Nessus, BurpSuit, Metasploit or similar tools to validate threats.
- Secure software implementation/coding—work with QA to implement unit testing for security functionality and conduct independent security testing
- Perform related duties as requested or assigned by the Department.
- At least six years of experience in information security or enterprise IT governance role focused on secure IT operations, implementing/deploying security tools and information security reporting process to support secured IT and Business management.
- Advanced experience with conducting vulnerability analysis and penetration testing (VAPT) on infrastructure, network and web application.
- Excellent command of the English language, both written and oral communication.
- Ability to adapt effective communication style as appropriate for a given audience.
- Ability to be flexible, self-motivated, positive, and respond to the dynamics of a changing environment.
- Ability to exercise independent judgment within mutually understood and agreed-upon limitations.
- Ability to work under pressure and flexible on working hours to collaborate with multi-country teams across multiple geographic regions.
- Bachelor’s degree in computer science or engineering or information systems with relevant information security training and professional qualifications.
- Penetration testing certification such as CEH or ECSA is required.
- Any other certifications such as CISA/CISM is preferred.