Application Security Engineering Manager
Skills
About the Role
You will lead the company's application security team, formulating and implementing application security strategy and technical roadmap. You'll build a full-lifecycle application security system covering requirements, design, development, testing, deployment, and operation, focusing on identifying and mitigating security risks in digital currency trading and payment systems. You will manage and grow your team, drive risk assessments and vulnerability management, ensure compliance with global regulatory requirements, and collaborate closely with R&D, product, testing, operation, and compliance departments to embed security across the business.
Requirements
- 8+ years of application security or related work experience, including 3+ years of senior application security team management experience
- Preferred experience in fintech, digital currency, payment, or blockchain industries
- Deep understanding of application security risks of digital currency trading and payment systems
- Proficient in application security technologies including security code review, penetration testing, vulnerability research, SDLC security management, and application security monitoring
- Familiar with OWASP Top 10 and attack methods with experience in vulnerability discovery and remediation
- Proficient in at least one programming language (Java, Python, Go, etc.)
- Familiar with application security tools such as SAST, DAST, IAST, vulnerability scanners
- Understanding of global regulatory requirements (FATF, MiCA) and industry standards (ISO 27001, PCI DSS)
- Excellent leadership and team management capabilities
- Strong cross-departmental coordination and resource integration capabilities
- Strong security sensitivity and analytical thinking
- Experience in handling major application security incidents
- Excellent oral and written communication skills in both Chinese and English
- Bachelor's degree or above in Computer Science, Information Security, Network Security, or related fields
- Relevant professional certifications such as CISSP, CISM, CEH preferred
Responsibilities
- Formulate the company's long-term and short-term application security strategy, technical roadmap, and implementation plan
- Lead the construction, optimization, and iteration of the application security system including SDLC management, vulnerability management, security code review, penetration testing, and security monitoring
- Establish and improve application security standards, specifications, and operation processes
- Track the latest application security technologies, vulnerabilities, and attack methods and introduce advanced security tools
- Build, manage, and develop the application security engineering team and formulate team OKRs and performance standards
- Arrange daily work assignments, supervise progress, and solve technical difficulties for the team
- Guide team members' professional growth through training, skill exchanges, and emergency response drills
- Manage team performance and conduct regular performance reviews
- Lead application security risk assessments for core business systems and formulate risk mitigation plans
- Promote the integration of security into the entire SDLC
- Establish and manage the vulnerability management system
- Respond to application security incidents and organize emergency disposal and root cause investigation
- Ensure application security work complies with global regulatory requirements and industry standards
- Cooperate with the compliance team on audits, risk assessments, and regulatory reporting
- Participate in the formulation and improvement of the company's information security compliance system
- Communicate with R&D, product, testing, operation, and compliance departments to integrate security into business processes
- Provide application security technical support and guidance for R&D teams
- Promote enterprise-wide application security awareness training
- Cooperate with network security and data security teams to build a comprehensive information security defense system
