Talent.com
عرض العمل هذا غير متوفر في بلدك.
Application Security

Application Security

Vitasta Consulting Pvt LtdDubai, Dubai, United Arab Emirates
25 منذ أيام
الوصف الوظيفي

Organisation Unit Purpose

The unit's primary purpose is to Design Engineer & eventually Embed practical & balanced cyber / information security principles / patterns / controls into all products and platforms. Conduct security assessments gap analysis provide remediation to the relevant squads / stakeholders.

Job Purpose

Primary / General Job Purpose :

  • Encourage Shift Left Mindset - Proactively embed security requirements by influencing implementation of security & privacy patterns from the start of the development cycle
  • Implement via Influence - Influence stakeholders such as Product Owners Solution Architects Developers Testers Engineers & others to include security patterns into features epics and stories in order to build secure innovative & superior digital products for customers and employees
  • Assessments Perform security assessment and perform gap analysis to provide appropriate remediations to the teams for implementing the fixes.

Key Skills Web Application Security Security Code review API security Underlying infrastructure security Integration Security Database Security Secure Configuration Review.

  • Tools and Technologies Burp Suite Postman Tenable Nessus Checkmarx SAST GitHub and good knowledge about monolithic and microservice architecture and pipeline driven security.

    • Experience with following Components

    Technical Requirements

  • Web Application Security Owasp top 10 CVSS etc
  • Security Code Review manual code review in Git etc
  • API Security Review Open shift container review etc.
  • Database Security Requirements to enhance security on Database
  • Web Server Security Requirements to enhance security on the web server
  • Configuration Review has performed different configuration reviews and should have found good misconfigurations in the system.
  • Integration review How the application connects with different systems performed security review on those integrations.
  • Transport Layer Security How communication channels are secured and understanding of the Transport layer security mechanisms and controls.

    • Soft Skills

  • Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective
  • Holistic thinking; must balance security and functionality using practical demonstrable examples. Must also contribute to and implement good architecture principles to lower technical debt
  • Assertive personality; should be able to hold her / his own in a project board or work group setting
  • Superlative written and verbal communication skills; should be able to explain technical observations in an easy-to-understand manner
  • Ability to work under pressure and meet tough / challenging deadlines
  • Influencer- must be able to convince various stakeholders (internal IT Teams C-Level execs
  • Risk & Audit) of why a certain observation is a concern or not
  • Strong understanding of Risk Management Framework and security controls implementation from an implementer standpoint
  • Has strong decision making planning and time management skills.
  • Can work independently.
  • Has a positive and constructive attitude.

    • Education

  • Bachelors degree in a computer-related field such as computer science cyber / information security discipline physics mathematics or similar (Essential)
  • General Information Security : OSCP CEH CISM / CISA or similar
  • General Cloud Security : CCSK / CCSP or similar
  • Specific Cloud Security : Azure Security or similar
  • Network Security : CCNA CCNP CCIE Certified Kubernetes Security Specialist

    • Experience (Essential)

  • Must have minimum 3 years of experience in an information security function with good background in information technology stakeholder management and people management

    • Knowledge & Skills - Technical Functional & Managerial

  • Expert at the Web Application Security testing in depth testing skillset and ability to bypass weak implementation for attacks ability to bypass WAF for attack scenarios such as XSS SQL Injection etc. (Essential)
  • Good understanding of Microservice based architecture (Technical) (Essential)
  • Good hands-on experience solutioning technology architectures that involve perimeter protection core protection and end-point protection / detection & API / Micro services Security (Essential)
  • Experience working in a DevOps environment with knowledge of Continuous Integration Containers DAST / SAST tools and building Evil Stories (Technical) (Essential)
  • The Analyst / Engineer should be able to understand how different systems work and what security controls are implemented in such integrations. (Essential)
  • The Analyst / Engineer should be capable in understanding the hardening standards creating one if not available and perform the testing against the hardening standards. (Essential)
  • The Analyst / Engineer should be capable of assessing security flaws in underlying infrastructure and the connected components. (Essential)
  • The Analyst / Engineer should be capable of assessing the security flaws in the Transport Layer. (Essential)
  • The Analyst / Engineer has the skill to follow design principles and applies design patterns to enforce maintainable and reusable patterns in the form of code or otherwise.
  • The Analyst / Engineer can understand and interpret potential issues found in source or compiled code
  • The Analyst / Engineer has automation skills / capability in the form of scripting or similar
  • The Analyst / Engineer can attack application and infrastructure assets interpret threats and suggest mitigating measures
  • Ability to interpret Security Requirements mandated by oversight functions and ensure comprehensive coverage of those requirements via documentation within high level design and / or during agile ceremonies via Evil Stories Desirable
  • The Analyst / Engineer can propose options for solutions to the security requirements / patterns that provide a balance of security user experience & performance Desirable
  • The Analyst / Engineer has the skill to discuss and present solutions to other architecture security development and leadership teams. Desirable
  • The Analyst / Engineer can interpret and understand vulnerability assessment reports and calculate inherent and / or residual risks based on the assessment of such reports
  • Ability to articulate and be a persuasive leader who can serve as an effective member of the senior management team.
  • Good negotiation skills will be desirable Desirable
  • Must have good judgment skills to decide on an exception approval
  • Ability to enforce improvements when necessary using Influence rather than Policing measures Superior written and verbal communication skills to effectively communicate security threats and recommendations to technical or non-technical stakeholders
  • Knowledge of application of Agile methodologies / principles such as Scrum or Kanban

    • Behavioral Competencies - Thinking Related People Related & Self Related (All Essential)

  • Influencer / Security Evangelist for the Team / Squad
  • Positive & Constructive Attitude
  • Autonomous worker / Decision Maker
  • Good listener
  • Patient & Calm during stressful situations
  • High energy individual / Motivator
  • Win-Win Attitude
  • Hacker / Defense-In-Depth mindset
  • Analytical thinking
  • Team Player / Interpersonal Skills
  • Eye for detail
  • Persistent & Persuasive
  • Organized / Structured
  • Deadline oriented
  • Competent and committed
  • Peoples Person; understands stakeholder management
  • Empathetic
  • Passionate about architecting smart solutions
  • Innovator / Out of the box thinker
  • Collaborative Leadership style
  • Confident Presenter All Essential

    • Other Information

  • Age No bar
  • Nationality No bar
  • Gender No bar

    • #J-18808-Ljbffr

    إنشاء تنبيه وظيفي لهذا البحث

    Application Security • Dubai, Dubai, United Arab Emirates

    وظائف ذات صلة
    • عَرْضٌ مُرَوَّجٌ له
    Application Security Engineer

    Application Security Engineer

    Dubizzle GroupDubai, Dubai, United Arab Emirates
    Bayut & dubizzle have the unique distinction of being iconic, homegrown brands with a strong presence across the seven emirates in the UAE. Connecting millions of users across the country, we are co...أظهر المزيدآخر تحديث: منذ أكثر من 30 يومًا
    Speculative Application -Embedded Consultant Security Manager-Mandarin / Cantonese

    Speculative Application -Embedded Consultant Security Manager-Mandarin / Cantonese

    Control RisksDubai, Dubai, AE
    Quick Apply
    Job Description & SOW includes but is not limited to : .Daily security management and support.Act as the role of client’s regional security advisor / representative, responsible for all security ch...أظهر المزيدآخر تحديث: منذ أكثر من 30 يومًا
    • عَرْضٌ مُرَوَّجٌ له
    Senior Application Security Engineer (Bangkok based, relocation provided)

    Senior Application Security Engineer (Bangkok based, relocation provided)

    AgodaSharjah, Sharjah Emirate, United Arab Emirates
    Senior Application Security Engineer (Bangkok based, relocation provided).Join Agoda as a Senior Application Security Engineer based in Bangkok with relocation support. This role sits in the Securit...أظهر المزيدآخر تحديث: 24 منذ أيام
    • عَرْضٌ مُرَوَّجٌ له
    Application Manager

    Application Manager

    Danaher CorporationDubai, Dubai, United Arab Emirates
    Leica Biosystems’ mission of “Advancing Cancer Diagnostics, Improving Lives” is at the heart of our corporate culture.We’re a global leader in cancer diagnostics with the most comprehensive portfol...أظهر المزيدآخر تحديث: منذ يوم واحد
    • عَرْضٌ مُرَوَّجٌ له
    Principal Consultant - Security

    Principal Consultant - Security

    Egis GroupDubai, Dubai, United Arab Emirates
    Security Threat & Risk Assessments (STRA).The ideal candidate will bridge.Security Threat & Risk Assessment.Lead and deliver STRA for projects such as mixed-use developments transportation hubs hos...أظهر المزيدآخر تحديث: منذ أكثر من 30 يومًا
    • عَرْضٌ مُرَوَّجٌ له
    Senior / Staff Application Security Engineer (Bangkok based, relocation provided)

    Senior / Staff Application Security Engineer (Bangkok based, relocation provided)

    AgodaAjman, Ajman Emirate, United Arab Emirates
    Senior / Staff Application Security Engineer (Bangkok based, relocation provided).Agoda is seeking a Senior / Staff Application Security Engineer to join our Security Department.This role is Bangkok-ba...أظهر المزيدآخر تحديث: 3 منذ أيام
    • عَرْضٌ مُرَوَّجٌ له
    Principal Consultant Offensive Security

    Principal Consultant Offensive Security

    Palo Alto NetworksAjman, Ajman Emirate, United Arab Emirates
    The Principal Consultant on the Offensive Security team is focused on assessing and challenging the security posture across a comprehensive portfolio of clients. The individual will utilize a variet...أظهر المزيدآخر تحديث: 23 منذ أيام
    Application Security Engineer

    Application Security Engineer

    Bayut | dubizzleDubai, Dubai, AE
    Quick Apply
    Bayut & dubizzle have the unique distinction of being iconic, homegrown brands with a strong presence across the seven emirates in the UAE. Connecting millions of users across the country, we ar...أظهر المزيدآخر تحديث: منذ أكثر من 30 يومًا
    • عَرْضٌ مُرَوَّجٌ له
    Security Platform Engineer L3

    Security Platform Engineer L3

    NTT DATA, Inc.Dubai, Dubai, United Arab Emirates
    Join to apply for the Security Platform Engineer L3 role at NTT DATA, Inc.Join to apply for the Security Platform Engineer L3 role at NTT DATA, Inc. Join a company that is pushing the boundaries of ...أظهر المزيدآخر تحديث: منذ أكثر من 30 يومًا
    • عَرْضٌ مُرَوَّجٌ له
    Lead Security Engineer

    Lead Security Engineer

    Fuse EnergyDubai, Dubai, United Arab Emirates
    Get AI-powered advice on this job and more exclusive features.At Fuse, we're building a fully integrated energy company, from developing solar, wind, and hydrogen to power trading & distributed ene...أظهر المزيدآخر تحديث: منذ أكثر من 30 يومًا
    • عَرْضٌ مُرَوَّجٌ له
    Consulting Director

    Consulting Director

    Palo Alto NetworksAjman, Ajman Emirate, United Arab Emirates
    The Consulting Director on the Offensive Security team is focused on assessing and challenging the security posture across a comprehensive portfolio of clients. The individual will utilize a variety...أظهر المزيدآخر تحديث: 23 منذ أيام
    • عَرْضٌ مُرَوَّجٌ له
    Senior / Staff Application Security Analyst (Bangkok based, relocation provided)

    Senior / Staff Application Security Analyst (Bangkok based, relocation provided)

    AgodaSharjah, Sharjah Emirate, United Arab Emirates
    Agoda is an online travel booking platform for accommodations, flights, and more.We build and deploy cutting-edge technology that connects travelers with a global network of 4.M hotels and holiday ...أظهر المزيدآخر تحديث: منذ أكثر من 30 يومًا
    • عَرْضٌ مُرَوَّجٌ له
    Ubuntu Security Engineer

    Ubuntu Security Engineer

    CanonicalDubai, Dubai, United Arab Emirates
    Canonical is a leading provider of open source software and operating systems to the global enterprise and technology markets. Our platform, Ubuntu, is widely used in breakthrough enterprise initiat...أظهر المزيدآخر تحديث: منذ أكثر من 30 يومًا
    • عَرْضٌ مُرَوَّجٌ له
    Network Security & Monitoring Engineer

    Network Security & Monitoring Engineer

    Entertainer FzDubai, Dubai, United Arab Emirates
    The ENTERTAINER is a leader in the Lifestyle industry providing our members with exclusive access to 2for1 vouchers for dining, delivery, attractions, shopping and travel across the GCC and Singapo...أظهر المزيدآخر تحديث: 26 منذ أيام
    • عَرْضٌ مُرَوَّجٌ له
    Application Security Testing Manager

    Application Security Testing Manager

    NetcrackerDubai, Dubai, United Arab Emirates
    Are you passionate about securing critical applications and leading high-performing security teams to perform security testing activities for large scale projects Join. Netcracker delivers market-le...أظهر المزيدآخر تحديث: 5 منذ أيام
    • عَرْضٌ مُرَوَّجٌ له
    SOC Analyst - OT Security

    SOC Analyst - OT Security

    canderDubai, Dubai, United Arab Emirates
    We are looking for a skilled SOC Analyst with a strong background in OT Security and at least 5 years of experience in a Security Operations Center. The ideal candidate will possess hands-on experti...أظهر المزيدآخر تحديث: منذ أكثر من 30 يومًا
    • عَرْضٌ مُرَوَّجٌ له
    Smart Contract Security Engineer (Security Audit)

    Smart Contract Security Engineer (Security Audit)

    BinanceAjman, Ajman Emirate, United Arab Emirates
    Binance is a leading global blockchain ecosystem behind the world’s largest cryptocurrency exchange by trading volume and registered users. We are trusted by over 250 million people in 100+ countrie...أظهر المزيدآخر تحديث: 3 منذ أيام
    • عَرْضٌ مُرَوَّجٌ له
    Security Testing Engineer

    Security Testing Engineer

    Ultimate HR SolutionsDubai, Dubai, United Arab Emirates
    We are looking for a Security Engineer who will be responsible for Application Infra and API Vulnerability Assessment & Penetration Testing (VAPT) for : . Beyond VAPT this role will also be responsibl...أظهر المزيدآخر تحديث: 23 منذ أيام