Application Security Solution Architect - AVP -...

@ Hong Kong Exchanges and Clearing Limited (HKEX)

Company Introduction

We’re home to Asia's most dynamic and vibrant capital markets, connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets. Our purpose is to connect, promote and progress our markets and the communities they support for the prosperity of all.

Job Summary

The Application Security Solution Architect - AVP - Information Security for HKEX Group is responsible for translating group-wide information and cyber security strategy into secure application solutions. The role balances global business objectives with the security threat and risk profile of critical national infrastructure.

Job Duties

• Architectural Oversight: Engineer secure application architectures within risk tolerance levels.
• Support Development Teams: Collaborate on threat modeling, secure coding practices and assurance tools.
• Integration Recommendations: Advise on secure coding, web application firewalls, SBOM, and CI/CD security.
• Security Assurance Tools: Leverage tools, onboard issues and support developers.
• Collaboration with Security Engineering: Integrate security solutions into development processes.
• Requirement & Review: Develop and review security requirements for application projects.
• System Architecture Review: Ensure security assurance and compliance with criteria.
• Reference Patterns: Create security standards and reference patterns for application development.
• Data Security: Review implementation of controls for data storage systems.
• Kubernetes/Cloud Security: Apply security expertise in containerized and cloud environments.
• Collaborative Project Delivery: Work with project teams to meet security standards and timelines.
• Governance Participation: Contribute to architecture community forums and working groups.

Job Requirements

Candidates should hold a relevant degree in Computer Science, Information Management, or equivalent experience. They need significant experience in information and cyber security, with expertise in application threat modeling, secure coding (e.g., Java, C++, .Net, Node.js, Go) and DevSecOps practices. Familiarity with security frameworks (SABSA, TOGAF, NIST CSF) and certifications (CISSP, CCSP, etc.) is essential.

Additional Qualifications

• Experience with automated build/deployment pipelines and vulnerability management.
• Expertise in operating security tools: SAST, SCA, DAST, IAST, and SBOM.
• Practical skills in automation scripting using Python and APIs.
• Familiarity with public/private cloud security and Kubernetes technologies.
• Ability to contribute to internal audit, risk, and control management processes.

Core Competencies & Personal Qualities

Intelligent, articulate, and persuasive self-starter with strong business acumen and technology knowledge. Excellent communication skills, effective stakeholder management, and a collaborative mindset are necessary in a fast-paced environment.

Equal Opportunity

HKEX is an Equal Opportunity Employer that supports diverse perspectives and cultures within the workplace.

Location & Work Details

Location: TKO, Hong KongWeekly Hours: 40Employment Type: Permanent

Key skills/competency

• Application Security
• Cyber Security
• Threat Modeling
• Secure Coding
• DevSecOps
• CI/CD
• Kubernetes
• Cloud Security
• Risk Management
• Architecture