Overview

Senior Digital Program Specialist - Application Security. The Asian Infrastructure Investment Bank (AIIB) is a multilateral development bank focused on Financing Infrastructure for Tomorrow in Asia and beyond—with sustainability at its core. AIIB began operations in Beijing in 2016 and has grown to include 110 approved members worldwide. The Information Technology Department (ITD) provides technical services in digital services, IT-related procurement, cybersecurity, IT risk and resilience, data management, digital learning, and digital transformation, ensuring alignment with the Bank''s needs and priorities.ITD is seeking a highly skilled and motivated Senior Digital Program Specialist for application security. This position ensures that the Bank''s applications are developed, deployed, and maintained securely, requiring a blend of technical expertise in secure software development, architectural principles, and the ability to align security practices with business objectives. The ideal candidate will understand application architecture and design patterns, secure coding practices, threat modeling, and will integrate security throughout the software development lifecycle (SDLC).Responsibilities

Define, implement, and oversee the application security framework, ensuring security is integrated into all stages of software development.Partner with architects, developers, and cross-functional teams to design secure application architectures and define security requirements throughout design, development, and deployment phases.Conduct threat modeling and security design reviews for new and existing applications.Perform static and dynamic code reviews to identify vulnerabilities and ensure adherence to secure coding standards.Lead initiatives for automated security testing and integration into CI/CD pipelines.Ensure that applications meet external compliance and internal security requirements and industry standards such as ISO and OWASP.Collaborate with project managers, product owners, and business stakeholders to align application security initiatives with business objectives, while fostering a culture of security awareness across all phases of the SDLC.Support cybersecurity incident response efforts related to application security.Continuously monitor and improve application security processes based on industry trends, emerging threats, and lessons learned.Define the key risk indicators and key control indicators for application security, and support application security related audit and control testing.Requirements

Bachelor''s degree in computer science, software engineering, information security, or a related discipline. Master’s degree would be a plus.8-10 years of relevant working experience in application security and related fields, preferably with financial institutions.Proficient in at least one programming language (e.g., .NET/C#, Java, JavaScript, Python).Hands-on experience with application security tools such as SAST, DAST, IAST, and RASP.In-depth knowledge of secure coding practices, application architecture (including microservices and APIs), and cloud design patterns.Strong understanding of information security standards and frameworks, including ISO 27001 and 27034, NIST SP 800-218, OWASP Top 10 and SAMM, and MITRE ATTandCK.Security certifications such as CISSP, CSSLP, CASE, GSSP, OSWE, or relevant Cloud certifications would be an advantage.Strong business acumen and the ability to balance technical security needs with business priorities.Strong reporting, writing, and communication skills. Fluent in oral and written English.Ability to work effectively in a multicultural organization.Strong interpersonal and influencing skills. Able to interact effectively with internal and external stakeholders.

#J-18808-Ljbffr