Application Security Manager
About the Company
AllSTARSIT is an international Software R&D, Technical Support, and Talent Acquisition service provider established in 2004. The company specializes in software development services for clients across industries as diverse as cybersecurity, healthcare, fintech, telecommunications, media, and more.
About the Project
Bolttech is an international insurtech with a mission to build the world’s leading, technology-enabled ecosystem for protection and insurance. With a full suite of digital and data-driven capabilities, bolttech powers connections between insurers, distributors, and customers to make it easier and more efficient to buy and sell insurance and protection products.
A part of Pacific Century Group, bolttech serves customers in multiple markets across North America, Asia and Europe.
- At least 7 years of professional experience implementing and managing all aspects of secure software development practices
- Excellent knowledge of all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25, and of effective defensive techniques
- Familiarity with industry standards and regulations including PCI, SOX, and ISO27001
- Hands-on experience with automated testing solutions (SAST, DAST, IAST, SCA) and integrating these into the development lifecycle
- Understanding of current technology and regulatory trends affecting financial institution information security programs
- Demonstrated exceptional written and verbal English communication skills
Scope of work:
Drive bolttech’s application security (AppSec) and DevSecOps strategy across the Group and its Business Units leveraging the latest technologies on the market.
- Advising on application security best practices and supporting the development teams in product delivery, including architecture review processes whenever application security expertise is needed
- Improving and maintaining secure development standards
- Supporting the incident response and architecture review processes whenever application security expertise is needed
- Applying DevSecOps and agile methodologies across the organization
- Coordinating security assessments, including penetration tests and a bug bounty program
- Producing metrics reporting the state of application security programs and the performance of development teams against requirements
Learning & Development program: we offer a team of senior developers, mentorship program, individual budget for self-education, free English, Spanish, and Polish courses, English for kids, regular tech & educational meetups, ability to become a meetup speaker, and online course subscriptions, among other perks and opportunities.
Wellness program: extended medical insurance, yoga & stretching, personal psychologist, sport/hobby compensation, Covid-19/flu vaccination, rewarding culture, and unique corporate gifts.
Balanced lifestyle: workation programs, memorable corporate parties abroad, team building activities, Happy Fridays, family events, and charity events.