Application Security Engineer
Indexed description
Be #InGoodHands with Metrobank!
Here at Metrobank, we don't simply hire employees—we hone future leaders. We provide opportunities that enhance your skills and unlock your talents, helping you evolve into a well-rounded individual. We supply you with all the pieces you need to do your best work, unleashing your full potential to help you secure your future and lead a fulfilling career. And with Metrobank's strong heart for the community, you have the chance to give back and make worthwhile contributions to our nation's economic and social development. With Metrobank, a meaningful life is within your reach!
The Application Security Engineer is responsible for implementing and maintaining application security standards, controls, and best practices across the organization. The role supports the execution of the application security strategy, provides technical expertise on security architecture and enterprise security initiatives, and helps assess and address security risks in applications and systems. The Application Security Engineer also leads the evaluation and implementation of security tools, ensures the effectiveness of security controls, prepares project documentation, and serves as the subject matter expert for application security within assigned technology domains, such as web and mobile applications.
Key Responsibilities
- Develop detailed security designs based on approved IT security and application security architectures.
- Create, review, and maintain IT security policies, standards, procedures, and guidelines to protect the Bank’s information assets, systems, and third-party services.
- Serve as the application security subject matter expert and support teams in identifying security gaps and recommending appropriate controls and enhancements.
- Assess and recommend cost-effective security solutions and prepare business cases for security initiatives.
- Oversee the testing, implementation, and effectiveness of security controls and technologies.
- Define, document, and maintain secure configuration standards for application security tools and platforms.
- Conduct regular security configuration reviews to ensure controls remain effective and optimized.
- Monitor security tools and systems and coordinate with IT teams to ensure timely issue resolution.
- Review vendor performance and participate in vendor risk assessment activities.
- Evaluate security impacts of changes and installations within the CI/CD pipeline.
- Implement and maintain baseline security standards for application development environments.
- Collaborate with cross-functional teams to deliver integrated and effective information security services.
- Establish and regularly test disaster recovery strategies for security tools and platforms.
- Stay current with emerging security technologies, industry trends, threats, and vulnerabilities.
- Provide guidance and oversight to Infrastructure Security Specialists.
- Support the continuous improvement of the Bank’s information security programs, strategies, and controls.
- Perform other information security governance, risk, and compliance responsibilities as assigned.
Qualifications:
- Bachelor's degree in computer science, Information Security, or a related technical field.
- Strong knowledge of secure coding practices and the OWASP Top 10.
- Experience in designing and implementing CI/CD pipelines.
- Relevant security certifications such as CISSP, CISM, SANS GIAC, GWAPT, or equivalent are an advantage.
- At least 3 years of experience in designing, implementing, and managing application security solutions (e.g., SAST, DAST, IAST).
- Strong analytical skills with the ability to identify security risks and recommend effective mitigation strategies.
- Knowledge of scripting and programming languages is a plus.
- Excellent written and verbal communication skills, including the ability to prepare technical reports and explain security concepts clearly.
- Up-to-date knowledge of cybersecurity trends, threats, vulnerabilities, and security best practices.
- Self-motivated and results-oriented, with a strong focus on driving risk remediation and security improvements.
- Strong collaboration and teamwork skills, with the ability to lead security-related initiatives.
- Good project management skills and the ability to deliver tasks and projects within agreed timelines.
- Ability to communicate complex security topics to both technical and non-technical stakeholders in a clear and understandable manner.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search