Security Architecture and Security Advisory

Security Architecture and Security Advisory

Krungthai Bank PCL.

Defines and enhances application security architecture, provides security advisory to development and delivery teams, and ensures secure design practices and applicationlevel controls are consistently implemented across the SDLC.

Responsibilities

1. Define and maintain secure application architecture patterns, ensuring that applications follow industrystandard security principles and organizational security requirements.
2. Integrate application security controls into system and solution designs, ensuring alignment with enterprise security architecture.
3. Embed security requirements, threat modeling, and risk assessments into the SDLC using OWASP ASVS, OWASP SAMM, and other relevant frameworks. Advise delivery teams on compliance with security policies, standards, guidelines, and best practices related to application development and deployment.
4. Review application source code, SAST results, and other application security testing outputs to ensure compliance with security standards and identify remediation paths.
5. Collaborate with infrastructure and security teams to ensure application level controls (authentication, authorization, encryption, logging, etc.) are implemented effectively.
6. Security Advisory & Collaboration
7. Recommend application focused security solutions and control enhancements to address identified risks in a timely manner.
8. Work closely with cross functional security teams to ensure application security requirements are integrated into broader infrastructure and platform initiatives.
9. Collaborate with other information security teams to support IT and engineering groups in delivering secure solutions, ensuring key application related security controls operate as intended.
10. Recommend applicationfocused security solutions and control enhancements to address identified risks in a timely manner.
11. Support the development of secure coding standards, reusable security patterns, and developerfriendly guidance to uplift overall application security maturity.
12. Monitor industry trends, technologies, and best practices in application security to continuously improve the organization's security posture.

Qualifications

• Bachelor's or Master's degree in Computer Science, Computer Engineering, or a related IT field.
• Strong skills in security advisory, analysis, and problemsolving.
• Solid understanding of application security, security protocols, cryptography, authentication, authorization, MFA, SSO, identity management, and related technologies.
• Familiarity with OWASP standards, including OWASP Top 10, ASVS, and secure coding practices.
• Application development experience (2+ years) is a plus.
• Experience in web application penetration testing (1+ years) is a plus.
• Experience with IT auditing or global security standards (e.g., PCIDSS, NIST, ISO) is a plus.
• Knowledge of emerging banking technologies and associated security controls is a plus.
• Relevant security certifications are a plus (e.g., Security+, CEH, OSWE, OSCP, CISSP, CSSLP, CISM).
• Ability to learn quickly and work effectively under pressure.
• Good command of English.

Contact : 0629541963 (K.Kanyarut)

You have read and reviewed Krung Thai Bank Public Company Limited's Privacy Policy at https://krungthai.com/th/content/privacy-policy. The Bank does not intend or require the processing of any sensitive personal data, including information related to religion and/or blood type, which may appear on copy of your identification card. Therefore, please refrain from uploading any documents, including copy(ies) of your identification card, or providing sensitive personal data or any other information that is unrelated or unnecessary for the purpose of applying for a position on the website. Additionally, please ensure that you have removed any sensitive personal data (if any) from your resume and other documents before uploading them to the website.

The Bank is required to collect your criminal record information to assess employment eligibility, verify qualifications, or evaluate suitability for certain positions. Your consent to the collection, use, or disclosure of your criminal record information is necessary for entering into an agreement and being considered for the aforementioned purposes. If you do not consent to the collection, use, or disclosure of your criminal record information, or if you later withdraw such consent, the Bank may be unable to proceed with the stated purposes, potentially resulting in the loss of your employment opportunity with