Application Security Engineering Manager

Coins.ph
16 hours ago
On-site
Taguig City, Metro Manila, Philippines

Join the Pioneer Crypto Brand in the Philippines!


Coins is the most established crypto brand in the Philippines and has gained the trust of more than 18 million users. Through the easy-to-use mobile app, users can buy and sell a variety of cryptocurrencies and access a wide range of financial services.


Coins is fully regulated by the Bangko Sentral ng Pilipinas (BSP) and is the first ever crypto-based company in Asia to hold both Virtual Currency and Electronic Money Issuer licenses from a central bank.


Key Responsibilities
As an Application Security Engineering Manager, you will be the core leader of the company’s application security team, responsible for formulating and implementing the company’s application security strategy and technical roadmap. You will lead the team to build a full-lifecycle application security system covering requirements, design, development, testing, deployment, and operation, focusing on identifying and mitigating security risks of core business systems in digital currency trading and payment scenarios. This role requires in-depth understanding of application security technologies, rich team management experience, and familiarity with global regulatory requirements for digital assets and payment security, to ensure the security, stability, and compliance of the company’s application systems.

1. Application Security Strategy & System Construction

  • Formulate the company’s long-term and short-term application security strategy, technical roadmap, and implementation plan, combining the company’s business development goals, risk control requirements, and regulatory compliance needs.
  • Lead the construction, optimization, and iteration of the application security system, including security development lifecycle (SDLC) management, vulnerability management, security code review, penetration testing, and security monitoring, to ensure the system’s comprehensiveness and effectiveness.
  • Establish and improve application security standards, specifications, and operation processes, including security coding standards, security test standards, and vulnerability handling processes, to standardize the application security work of the entire company.
  • Track the latest application security technologies, vulnerabilities, and attack methods, introduce advanced security tools and technical solutions, and continuously improve the company’s application security defense capabilities.

2. Team Management & Development

  • Build, manage, and develop the application security engineering team, formulate team OKRs, performance assessment standards, and talent training plans to improve the team’s professional capabilities (security code review, penetration testing, vulnerability research, etc.).
  • Arrange daily work assignments for the team, supervise work progress, solve technical difficulties in application security, and create a positive and collaborative team atmosphere.
  • Guide team members’ professional growth, organize technical training, security skill exchanges, and vulnerability emergency response drills, and cultivate a professional application security talent echelon.
  • Manage team performance, conduct regular performance reviews, and motivate team members to achieve work goals and improve work quality.

3. Application Security Risk Management & Control

  • Lead the team to conduct application security risk assessments for core business systems (digital currency trading platform, payment system, user authentication system, etc.), identify potential security risks and vulnerabilities, and formulate targeted risk mitigation plans.
  • Promote the integration of security into the entire SDLC, conduct security reviews in the requirements and design phases, perform security code reviews and penetration testing in the development and testing phases, and implement security verification in the deployment phase.
  • Establish and manage the vulnerability management system, track the discovery, classification, remediation, and verification of vulnerabilities, ensure that high-risk vulnerabilities are handled in a timely manner, and reduce security risks.
  • Respond to application security incidents (such as code vulnerabilities, data leakage, and attack incidents), organize the team to conduct emergency disposal, investigate the root cause, and formulate prevention measures to avoid recurrence.

4. Compliance & Regulatory Support

  • Ensure that application security work complies with global regulatory requirements (FATF, MiCA, local regulations) and industry standards (such as ISO 27001, PCI DSS), and meets the security and compliance requirements of digital currency and payment businesses.
  • Cooperate with the compliance team to complete application security-related compliance audits, risk assessments, and regulatory reporting, and provide relevant technical materials and explanations.
  • Participate in the formulation and improvement of the company’s information security compliance system, and promote the implementation of application security compliance requirements in all business links.

5. Cross-departmental Collaboration & Security Promotion

  • Communicate closely with R&D, product, testing, operation, and compliance departments to promote the integration of application security into business processes and ensure that security requirements are implemented in each link.
  • Provide application security technical support and guidance for R&D teams, including security coding training, vulnerability remediation guidance, and security solution consultation.
  • Promote enterprise-wide application security awareness training, improve the security awareness of employees in all departments, and reduce security risks caused by human factors.
  • Cooperate with the network security, data security, and other teams to build a comprehensive information security defense system and ensure the overall security of the company’s business.


Requirements
 
  1. Experience: 8+ years of application security or related work experience, including 3+ years of senior application security team management experience; preferred experience in fintech, digital currency, payment, or blockchain industries. Deep understanding of the application security risks and characteristics of digital currency trading and payment systems.
  2. Professional Expertise:
    1. Proficient in application security technologies, including security code review, penetration testing, vulnerability research, SDLC security management, and application security monitoring.
    2. Familiar with common application security vulnerabilities (OWASP Top 10) and attack methods, and have rich experience in vulnerability discovery and remediation.
    3. Proficient in at least one programming language (Java, Python, Go, etc.), able to conduct security code review and customize penetration testing tools.
    4. Familiar with application security tools (such as SAST, DAST, IAST, vulnerability scanners) and able to lead the team to use and optimize these tools.
    5. Understanding of global regulatory requirements (FATF, MiCA, etc.) and industry standards (ISO 27001, PCI DSS) related to digital assets and payment security.
  3. Leadership & Management: Excellent leadership and team management capabilities, able to build and lead a high-performance application security team; strong cross-departmental coordination and resource integration capabilities.
  4. Analytical & Problem-Solving: Strong security sensitivity and analytical thinking, able to quickly identify application security risks and provide effective solutions; have experience in handling major application security incidents.
  5. Communication Skills: Excellent oral and written communication skills in both Chinese and English, able to effectively communicate with senior management, R&D teams, and regulatory authorities.
  6. Education: Bachelor’s degree or above in Computer Science, Information Security, Network Security, or related fields; relevant professional certifications (such as CISSP, CISM, CEH) are preferred.

Preferred Qualifications

  • Has experience in building application security systems for compliant digital currency exchanges or payment institutions.
  • Familiar with the security architecture of digital currency trading platforms, payment systems, and blockchain-related applications, and has experience in solving complex application security problems.
  • Has experience in leading large-scale application security projects (such as SDLC security transformation, vulnerability management system construction) and has achieved remarkable results.
  • Familiar with cloud security technologies and has experience in building application security systems in cloud environments (AWS, GCP, Azure, etc.).


Join the Coins Team Now!


Meaningful Collaborations - The successful candidate will work cross-functionally with other relevant teams to carry out implementations that will improve and create an impact on customer experience.


Scalable Growth - Be part of a fast-growing organization with the vision to expand its territories outside APAC, which will provide opportunities for career advancement.


A Space For Bright Ideas - Let your bright ideas be converted into meaningful changes! Coins culture welcomes new ideas backed up by data to create an impact.