Marriott

Senior Manager, Mobile Application Security


Pay: Competitive
Location: Shanghai/Shanghai
Employment type: Full-Time

This job is now closed

  • Job Description

      Req#: 25124086

      JOB SUMMARY:

      Serve as a trusted security advisor and technical expert for the company’s mobile digital solutions as we continue to enhance customer experiences in Greater China. Performs application source code reviews, vulnerability testing and threat assessments. Leverages advanced tools, methods, and approaches to demonstrate weaknesses in applications. Responsible for ensuring that developers and technical personnel address application security issues in a timely fashion. Will routinely collaborate with various functional teams, such as the APAC digital team, HQ mobile team, legal team and IT team, and with different security team members including, but not limited to, architecture, vulnerability management, compliance, and incident response. This role will be based in China, as a member of the Global Information Security team.

      CANDIDATE PROFILE

      Education and Experience

      Required:

      • Based in Shanghai or willingness to relocate to our Shanghai Office
      • 5+ years of progressive experience in related fields such as mobile security, web application security, security coding, security design, threat analysis
      • Full understanding of common OWASP flagship projects, ASVS, Top 10, Cheat Sheets, with an emphasis on application security and mobile security
      • Thorough understanding of common application security controls including but not limited to Static code review, Dynamic API scans, Web Application Firewall
      • Firsthand experience with mobile application security technical assessments is a must. This role is expected to perform white box & black box testing with common industry frameworks including commercial and open-source toolsets.
      • Firsthand coding experience is a must. Familiar with the most popular coding languages and common flaws associated with each.
      • Familiar with common network, endpoint and cloud security controls including but not limited to: Network Firewalls, Secure Web Gateways, Endpoint Protection tools and Data Loss Prevention technologies.
      • Proficient in reviewing and producing reports in English.

      Preferred:

      • Familiar with regulations such as the China Cybersecurity Law, the Personal Information Protection Law, etc.
      • Industry certifications from recognized entities such as Offensive Security, GIAC and ISC2.
      • Experience with Red Team/Purple Team is a plus.
      • Experience with artificial intelligence in the security solutions field is a plus.

      Key Stakeholders

      • Legal
      • Digital
      • IT
      • Global Information Security
      • Other roles involved in data and system protection

      CORE WORK ACTIVITIES

      China Mobile App compliance assurance

      • Works with the digital product and mobile application development teams and the legal team to ensure the China Mobile App is compliant with China regulatory security & privacy requirements
      • Performs necessary scans and manual tests to identify privacy risks before release
      • Drives risk remediations from vulnerability management and threat assessment programs
      • Ensures China regulatory requirements are captured and embedded in the existing S-SDLC framework

      Security Assessments

      • Works with other security team members to research and test for complex security issues, including but not limited to manual findings validation, remediation confirmation, and attack surface reduction
      • Creates and/or maintains threat models to communicate risks to engineers, project managers and other technical personnel
      • Ensures applications are built according to enterprise security standards
      • Serves as a subject-matter expert (SME), providing consulting services to the development team

      Source Code Reviews

      • Works with APAC development teams to review application source code for security and operational risks
      • Provides guidance and recommendations to software architects and engineers on how to correct code-related security flaws

      Administrative

      • Manage tickets and SLAs associated with security testing efforts for APAC assets.

      Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.
