Application Security Solution Architect - AVP -...
@ Hong Kong Exchanges and Clearing Limited (HKEX)

Hong Kong, Hong Kong SAR
HK$0
On Site
Full Time
Posted 10 hours ago

Your Application Journey

Personalized Resume
Apply
Email Hiring Manager
Interview

Email Hiring Manager

XXXXXXXXXX XXXXXXXXXXX XXXXXXXXXX******* @hkex.com
Recommended after applying

Job Details

Company Introduction

We’re home to Asia's most dynamic and vibrant capital markets, connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets. Our purpose is to connect, promote and progress our markets and the communities they support for the prosperity of all.

Job Summary

The Application Security Solution Architect - AVP - Information Security for HKEX Group is responsible for translating group-wide information and cyber security strategy into secure application solutions. The role balances global business objectives with the security threat and risk profile of critical national infrastructure.

Job Duties

  • Architectural Oversight: Engineer secure application architectures within risk tolerance levels.
  • Support Development Teams: Collaborate on threat modeling, secure coding practices and assurance tools.
  • Integration Recommendations: Advise on secure coding, web application firewalls, SBOM, and CI/CD security.
  • Security Assurance Tools: Leverage tools, onboard issues and support developers.
  • Collaboration with Security Engineering: Integrate security solutions into development processes.
  • Requirement & Review: Develop and review security requirements for application projects.
  • System Architecture Review: Ensure security assurance and compliance with criteria.
  • Reference Patterns: Create security standards and reference patterns for application development.
  • Data Security: Review implementation of controls for data storage systems.
  • Kubernetes/Cloud Security: Apply security expertise in containerized and cloud environments.
  • Collaborative Project Delivery: Work with project teams to meet security standards and timelines.
  • Governance Participation: Contribute to architecture community forums and working groups.

Job Requirements

Candidates should hold a relevant degree in Computer Science, Information Management, or equivalent experience. They need significant experience in information and cyber security, with expertise in application threat modeling, secure coding (e.g., Java, C++, .Net, Node.js, Go) and DevSecOps practices. Familiarity with security frameworks (SABSA, TOGAF, NIST CSF) and certifications (CISSP, CCSP, etc.) is essential.

Additional Qualifications

  • Experience with automated build/deployment pipelines and vulnerability management.
  • Expertise in operating security tools: SAST, SCA, DAST, IAST, and SBOM.
  • Practical skills in automation scripting using Python and APIs.
  • Familiarity with public/private cloud security and Kubernetes technologies.
  • Ability to contribute to internal audit, risk, and control management processes.

Core Competencies & Personal Qualities

Intelligent, articulate, and persuasive self-starter with strong business acumen and technology knowledge. Excellent communication skills, effective stakeholder management, and a collaborative mindset are necessary in a fast-paced environment.

Equal Opportunity

HKEX is an Equal Opportunity Employer that supports diverse perspectives and cultures within the workplace.

Location & Work Details

Location: TKO, Hong KongWeekly Hours: 40Employment Type: Permanent

Key skills/competency

  • Application Security
  • Cyber Security
  • Threat Modeling
  • Secure Coding
  • DevSecOps
  • CI/CD
  • Kubernetes
  • Cloud Security
  • Risk Management
  • Architecture

How to Get Hired at Hong Kong Exchanges and Clearing Limited (HKEX)

🎯 Tips for Getting Hired

  • Research HKEX's culture: Understand their market and security focus.
  • Customize your resume: Highlight cyber security and architecture expertise.
  • Showcase tool experience: Detail work with SAST, DAST, and SBOM.
  • Prepare for behavioral questions: Practice scenarios on team collaboration.

📝 Interview Preparation Advice

Technical Preparation

Review secure coding practices in Java and C++.
Study CI/CD pipeline security and automation tools.
Familiarize with SAST, SCA, DAST, IAST, SBOM usage.
Understand Kubernetes and cloud security configurations.

Behavioral Questions

Describe a time you solved a security challenge.
Explain your experience collaborating with development teams.
Discuss managing stakeholder expectations under pressure.
Share an example of implementing secure coding best practices.

Frequently Asked Questions