Application Security Solution Architect - AVP -... @ Hong Kong Exchanges and Clearing Limited (HKEX)
Your Application Journey
Email Hiring Manager
Job Details
Company Introduction
We’re home to Asia's most dynamic and vibrant capital markets, connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets. Our purpose is to connect, promote and progress our markets and the communities they support for the prosperity of all.
Job Summary
The Application Security Solution Architect - AVP - Information Security for HKEX Group is responsible for translating group-wide information and cyber security strategy into secure application solutions. The role balances global business objectives with the security threat and risk profile of critical national infrastructure.
Job Duties
- Architectural Oversight: Engineer secure application architectures within risk tolerance levels.
- Support Development Teams: Collaborate on threat modeling, secure coding practices and assurance tools.
- Integration Recommendations: Advise on secure coding, web application firewalls, SBOM, and CI/CD security.
- Security Assurance Tools: Leverage tools, onboard issues and support developers.
- Collaboration with Security Engineering: Integrate security solutions into development processes.
- Requirement & Review: Develop and review security requirements for application projects.
- System Architecture Review: Ensure security assurance and compliance with criteria.
- Reference Patterns: Create security standards and reference patterns for application development.
- Data Security: Review implementation of controls for data storage systems.
- Kubernetes/Cloud Security: Apply security expertise in containerized and cloud environments.
- Collaborative Project Delivery: Work with project teams to meet security standards and timelines.
- Governance Participation: Contribute to architecture community forums and working groups.
Job Requirements
Candidates should hold a relevant degree in Computer Science, Information Management, or equivalent experience. They need significant experience in information and cyber security, with expertise in application threat modeling, secure coding (e.g., Java, C++, .Net, Node.js, Go) and DevSecOps practices. Familiarity with security frameworks (SABSA, TOGAF, NIST CSF) and certifications (CISSP, CCSP, etc.) is essential.
Additional Qualifications
- Experience with automated build/deployment pipelines and vulnerability management.
- Expertise in operating security tools: SAST, SCA, DAST, IAST, and SBOM.
- Practical skills in automation scripting using Python and APIs.
- Familiarity with public/private cloud security and Kubernetes technologies.
- Ability to contribute to internal audit, risk, and control management processes.
Core Competencies & Personal Qualities
Intelligent, articulate, and persuasive self-starter with strong business acumen and technology knowledge. Excellent communication skills, effective stakeholder management, and a collaborative mindset are necessary in a fast-paced environment.
Equal Opportunity
HKEX is an Equal Opportunity Employer that supports diverse perspectives and cultures within the workplace.
Location & Work Details
Location: TKO, Hong KongWeekly Hours: 40Employment Type: Permanent
Key skills/competency
- Application Security
- Cyber Security
- Threat Modeling
- Secure Coding
- DevSecOps
- CI/CD
- Kubernetes
- Cloud Security
- Risk Management
- Architecture
How to Get Hired at Hong Kong Exchanges and Clearing Limited (HKEX)
🎯 Tips for Getting Hired
- Research HKEX's culture: Understand their market and security focus.
- Customize your resume: Highlight cyber security and architecture expertise.
- Showcase tool experience: Detail work with SAST, DAST, and SBOM.
- Prepare for behavioral questions: Practice scenarios on team collaboration.