Senior Digital Program Specialist - Application Security (6059)

Beijing

  • Organization: AIIB - Asian Infrastructure Investment Bank
  • Location: Beijing
  • Grade: Mid level - Mid level
  • Occupational Groups:
    • Information Technology and Computer Science
    • Security and Safety
    • Project and Programme Management
  • Closing Date:

The Asian Infrastructure Investment Bank (AIIB) is a multilateral development bank whose mission is Financing Infrastructure for Tomorrow in Asia and beyond—infrastructure with sustainability at its core. We began operations in Beijing in 2016 and have since grown to 110 approved members worldwide. We are capitalized at USD100 billion and AAA-rated by the major international credit rating agencies. Collaborating with partners, AIIB meets clients’ needs by unlocking new capital and investing in infrastructure that is green, technology-enabled and promotes regional connectivity.

The Information Technology Department (ITD) provides technical services in the areas of digital services, IT-related procurement, cybersecurity, IT risk and resilience, data management, digital learning, and digital transformation, ensuring their overall alignment with the Bank’s needs and priorities. The team oversees the development and refinement of the IT strategy as well as the effective management of technology resources and the provision of technical support across Bank operations. These efforts are critical to fostering a digital and data-driven culture within the Bank aligned with its Corporate Strategy, promoting the innovation of digital infrastructures, and ensuring the smooth operation and security of daily banking functions.

The ITD is seeking a highly skilled and motivated Senior Digital Program Specialist on Application Security. This position plays a pivotal role in ensuring that the Bank’s applications are developed, deployed, and maintained securely. This role requires a unique blend of technical expertise in secure software development, a strong understanding of architectural principles, and the ability to align security practices with business objectives. The ideal candidate will have a solid grasp of application architecture and design patterns, secure coding practices, threat modeling, and a proactive approach to integrating security throughout the Software Development Lifecycle.
 

Responsibilities:

  • Define, implement, and oversee the Application Security framework, ensuring security is integrated into all stages of software development.
  • Partner with architects, developers, and cross-functional teams to design secure application architectures and define security requirements throughout the design, development, and deployment phases.
  • Conduct threat modeling and security design reviews for new and existing applications.
  • Perform static and dynamic code reviews to identify vulnerabilities and ensure adherence to secure coding standards.
  • Lead initiatives for automated security testing and integration into CI/CD pipelines.
  • Ensure applications meet external compliance requirements, internal security requirements, and industry standards such as ISO and OWASP.
  • Collaborate with project managers, product owners, and business stakeholders to align application security initiatives with business objectives, while fostering a culture of security awareness across all phases of the SDLC.
  • Support cybersecurity incident response efforts related to application security.
  • Continuously monitor and improve application security processes based on industry trends, emerging threats, and lessons learned.
  • Define the key risk indicators and key control indicators for application security, and support application security related audit and control testing. 
     

Requirements:

  • Bachelor’s degree in computer science, software engineering, information security, or a related discipline. Master's degree would be a plus.
  • 8-10 years of relevant working experience in application security and relevant fields, preferably with financial institutions.
  • Proficient in at least one programming language (e.g., .NET/C#, Java, JavaScript, Python).
  • Hands-on experience with application security tools such as SAST, DAST, IAST, and RASP.
  • In-depth knowledge of secure coding practices and application architecture, including microservices, APIs, and cloud-native design patterns, to effectively assess and secure complex application ecosystems.
  • Strong understanding of information security standards and frameworks, including ISO 27001 and 27034, NIST SP800-218, OWASP Top 10 and SAMM, MITRE ATT&CK, etc.
  • Security certifications such as CISSP, CSSLP, CASE, GSSP, OSWE, or relevant Cloud certifications would be an advantage.
  • Strong business acumen and the ability to balance technical security needs with business priorities.
  • Strong reporting, writing and communication skills, fluent in oral and written English.
  • Ability to work effectively in a multicultural organization.
  • Strong interpersonal and influencing skills, able to interact effectively with internal and external stakeholders.
     

AIIB is committed to diversity, transparency and inclusion. We believe our strength comes from having a team with the right diverse skills, experiences and abilities selected through a merit-based competitive process. We actively encourage applications from people from both within and outside AIIB members, regardless of nationality, religion, gender, race, disability or sexual orientation.

Previous experience and qualifications will determine the grade and job title at which successful applicants will enter AIIB.

Join us and help create a prosperous and sustainable Asia while growing your career in a diverse and innovative environment.

We do our best to provide you the most accurate info, but closing dates may be wrong on our site. Please check on the recruiting organization's page for the exact info. Candidates are responsible for complying with deadlines and are encouraged to submit applications well ahead.
Before applying, please make sure that you have read the requirements for the position and that you qualify.
Applications from non-qualifying applicants will most likely be discarded by the recruiting manager.