Application security specialist

Our client, a tier 1 global insurance group , is strengthening its enterprise Application Security capability as part of an ongoing technology and cyber risk transformation. They are seeking an Application Security Specialist with strong hands‑on experience in application security assessments, vulnerability management, and remediation delivery to support critical business applications within a highly regulated environment. This role offers strong visibility across application, infrastructure, and risk teams, and is well suited for security professionals who enjoy hands‑on assessment work combined with stakeholder engagement. This role initially starts as a 12-month contract role, with an opportunity to extend or convert into a permanent position.
Responsibilities
Conduct application security and vulnerability assessments across enterprise systems
Review, interpret, and explain security assessment and penetration testing reports, clearly articulating risk impact and remediation actions
Support end-to-end vulnerability lifecycle management, including identification, prioritisation, remediation tracking, and closure
Work closely with application, Dev Ops, infrastructure, and risk teams to drive effective remediation outcomes
Participate in secure SDLC / Dev Sec Ops-aligned delivery, embedding security considerations across design, testing, and deployment phases
Support audit, assurance, and compliance activities, including preparation of security documentation and evidence
Contribute to the development and continuous improvement of application security standards and practices
Qualifications
Bachelor’s degree in Computer Science, Information Security, or a related discipline
Hands‑on experience in information security, application security, or technology risk roles
Strong practical experience in Application Security and Vulnerability Assessment
Solid understanding of common application security risks, and remediation approaches
Experience reviewing vulnerability scanning and penetration testing results
Familiarity with Dev Sec Ops or secure SDLC practices
Exposure to IAM / PAM, cloud or platform security is advantageous
Excellent communication skills with the ability to explain security risks to both technical and non‑technical stakeholders
Experience within insurance or regulated financial services environments is highly preferred
Fluent in English, Cantonese, and Mandarin
Professional certifications (e.g. ISO 27001, CISSP, CSSLP, or equivalent) are an advantage
Immediate availability is highly preferred.
#J-18808-Ljbffr