Coins1mo ago

Application Security Engineering Manager

Philippines·Taguig CityFull-time Employeemid

SecurityOtherManagementSecurity Engineering Manager

4 views0 saves0 applied

Apply Now

Quick Summary

Overview

Join the Pioneer Crypto Brand in the Philippines! Coins is the most established crypto brand in The Philippines and has gained the trust of more than 18 million users.

Key Responsibilities

1. Application Security Strategy & System Construction Formulate the company’s long-term and short-term application security strategy, technical roadmap, and implementation plan, combining the company’s business development goals, risk control…

Requirements Summary

Has experience in building application security systems for compliant digital currency exchanges or payment institutions. Familiar with the security architecture of digital currency trading platforms, payment systems, and blockchain-related…

Technical Tools

awsazuregcpgojavapythoncode-reviewfintechperformance-management

Join the Pioneer Crypto Brand in the Philippines!

Coins is the most established crypto brand in The Philippines and has gained the trust of more than 18 million users. Through the easy-to-use mobile app, users can buy and sell a variety of different cryptocurrencies and access a wide range of financial services.

Coins is fully regulated by the Bangko Sentral ng Pilipinas (BSP) and is the first ever crypto-based company in Asia to hold both Virtual Currency and Electronic Money Issuer licenses from a central bank.

As an Application Security Engineering Manager, you will be the core leader of the company’s application security team, responsible for formulating and implementing the company’s application security strategy and technical roadmap. You will lead the team to build a full-lifecycle application security system covering requirements, design, development, testing, deployment, and operation, focusing on identifying and mitigating security risks of core business systems in digital currency trading and payment scenarios. This role requires in-depth understanding of application security technologies, rich team management experience, and familiarity with global regulatory requirements for digital assets and payment security, to ensure the security, stability, and compliance of the company’s application systems.

Responsibilities

~1 min read

Formulate the company’s long-term and short-term application security strategy, technical roadmap, and implementation plan, combining the company’s business development goals, risk control requirements, and regulatory compliance needs.

Lead the construction, optimization, and iteration of the application security system, including security development lifecycle (SDLC) management, vulnerability management, security code review, penetration testing, and security monitoring, to ensure the system’s comprehensiveness and effectiveness.

Establish and improve application security standards, specifications, and operation processes, including security coding standards, security test standards, and vulnerability handling processes, to standardize the application security work of the entire company.

Track the latest application security technologies, vulnerabilities, and attack methods, introduce advanced security tools and technical solutions, and continuously improve the company’s application security defense capabilities.

Build, manage, and develop the application security engineering team, formulate team OKRs, performance assessment standards, and talent training plans to improve the team’s professional capabilities (security code review, penetration testing, vulnerability research, etc.).

Arrange daily work assignments for the team, supervise work progress, solve technical difficulties in application security, and create a positive and collaborative team atmosphere.

Guide team members’ professional growth, organize technical training, security skill exchanges, and vulnerability emergency response drills, and cultivate a professional application security talent echelon.

Manage team performance, conduct regular performance reviews, and motivate team members to achieve work goals and improve work quality.

Lead the team to conduct application security risk assessments for core business systems (digital currency trading platform, payment system, user authentication system, etc.), identify potential security risks and vulnerabilities, and formulate targeted risk mitigation plans.

Promote the integration of security into the entire SDLC, conduct security reviews in the requirements and design phases, perform security code reviews and penetration testing in the development and testing phases, and implement security verification in the deployment phase.

Establish and manage the vulnerability management system, track the discovery, classification, remediation, and verification of vulnerabilities, ensure that high-risk vulnerabilities are handled in a timely manner, and reduce security risks.

Respond to application security incidents (such as code vulnerabilities, data leakage, and attack incidents), organize the team to conduct emergency disposal, investigate the root cause, and formulate prevention measures to avoid recurrence.

Ensure that application security work complies with global regulatory requirements (FATF, MiCA, local regulations) and industry standards (such as ISO 27001, PCI DSS), and meets the security and compliance requirements of digital currency and payment businesses.

Cooperate with the compliance team to complete application security-related compliance audits, risk assessments, and regulatory reporting, and provide relevant technical materials and explanations.

Participate in the formulation and improvement of the company’s information security compliance system, and promote the implementation of application security compliance requirements in all business links.

Communicate closely with R&D, product, testing, operation, and compliance departments to promote the integration of application security into business processes and ensure that security requirements are implemented in each link.

Provide application security technical support and guidance for R&D teams, including security coding training, vulnerability remediation guidance, and security solution consultation.

Promote enterprise-wide application security awareness training, improve the security awareness of employees in all departments, and reduce security risks caused by human factors.

Cooperate with the network security, data security, and other teams to build a comprehensive information security defense system and ensure the overall security of the company’s business.

Experience: 8+ years of application security or related work experience, including 3+ years of senior application security team management experience; preferred experience in fintech, digital currency, payment, or blockchain industries. Deep understanding of the application security risks and characteristics of digital currency trading and payment systems.
Professional Expertise:
1. Proficient in application security technologies, including security code review, penetration testing, vulnerability research, SDLC security management, and application security monitoring.
2. Familiar with common application security vulnerabilities (OWASP Top 10) and attack methods, and have rich experience in vulnerability discovery and remediation.
3. Proficient in at least one programming language (Java, Python, Go, etc.), able to conduct security code review and customize penetration testing tools.
4. Familiar with application security tools (such as SAST, DAST, IAST, vulnerability scanners) and able to lead the team to use and optimize these tools.
5. Understanding of global regulatory requirements (FATF, MiCA, etc.) and industry standards (ISO 27001, PCI DSS) related to digital assets and payment security.
Leadership & Management: Excellent leadership and team management capabilities, able to build and lead a high-performance application security team; strong cross-departmental coordination and resource integration capabilities.
Analytical & Problem-Solving: Strong security sensitivity and analytical thinking, able to quickly identify application security risks and provide effective solutions; have experience in handling major application security incidents.
Communication Skills: Excellent oral and written communication skills in both Chinese and English, able to effectively communicate with senior management, R&D teams, and regulatory authorities.
Education: Bachelor’s degree or above in Computer Science, Information Security, Network Security, or related fields; relevant professional certifications (such as CISSP, CISM, CEH) are preferred.

Requirements

~1 min read

Has experience in building application security systems for compliant digital currency exchanges or payment institutions.

Familiar with the security architecture of digital currency trading platforms, payment systems, and blockchain-related applications, and has experience in solving complex application security problems.

Has experience in leading large-scale application security projects (such as SDLC security transformation, vulnerability management system construction) and has achieved remarkable results.

Familiar with cloud security technologies and has experience in building application security systems in cloud environments (AWS, GCP, Azure, etc.).

Join the Coins Team Now!

Meaningful Collaborations - The successful candidate will work cross-functionally with other relevant teams to carry out implementations that will improve and create an impact on customer experience.

Scalable Growth - Be part of a fast-growing organization with the vision to expand its territories outside APAC which will provide opportunities for career advancement.

A Space For Bright Ideas - Let your bright ideas be converted into meaningful changes! Coins culture welcomes new ideas backed up by data to create an impact.