Head of Production Security

CORE PROFILE

The Head of Production Security at Maya Philippines, Inc. is a senior leadership role responsible for defining and executing the company’s application security strategy. This position ensures the security of software applications through robust DevSecOps practices, threat modeling, secure coding, and compliance with regulatory frameworks such as BSP, PCI-DSS, and ISO 27001. Reporting to the CISO or Head of Cybersecurity, the role requires deep expertise in security testing, cloud security, offensive security, and CI/CD security integration. With at least 8 years of experience in application security—3 of which in a leadership role—the ideal candidate possesses strong technical skills, strategic thinking, and the ability to collaborate with development, DevOps, and compliance teams to foster a security-first culture.

NATURE OF WORK

• Develop and execute an application security strategy aligned with business and regulatory requirements.
• Establish security policies, standards, and best practices for application development and deployment.
• Conduct security assessments, threat modeling, and code reviews to identify vulnerabilities.
• Implement and oversee security automation tools such as SAST, DAST, and IAST to enhance secure development.
• Lead and mentor a team of security engineers and analysts to improve security posture.
• Collaborate with development, DevOps, and infrastructure teams to integrate security into CI/CD pipelines (DevSecOps).
• Manage security incident response related to application vulnerabilities and breaches.
• Ensure compliance with regulatory frameworks such as BSP, PCI-DSS, ISO 27001, and NIST standards.
• Engage in security awareness training and promote secure coding practices across teams.
• Stay updated on emerging threats, vulnerabilities, and cybersecurity trends.

REQUIRED QUALIFICATIONS

• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
• 8+ years of experience in application security, with at least 3 years in a leadership role.
• Strong knowledge of secure software development lifecycle (SSDLC) and DevSecOps practices
• Experience with security testing tools such as Burp Suite, OWASP ZAP, Veracode, or similar.
• Expertise in authentication, authorization, encryption, and identity management principles.
• Familiarity with cloud security (AWS, Azure, or GCP) and container security (Kubernetes, Docker).
• Relevant certifications such as CISSP, AWS Security Specialty, CISM, OSCP, CEH, or CSSLP are preferred.