IT Application Security Specialist
Doha, Doha Municipality, Qatar · മുഴുവൻ സമയവും
അപേക്ഷിക്കുന്ന ആദ്യയാളാകൂ
- അനുഭവം
- 8–12 വയസ്സ്
- ശമ്പളം
- —
- ഓപ്പണിംഗുകൾ
- 1
- പോസ്റ്റ് ചെയ്തു
- 1 മണിക്കൂർ മുമ്പ്
- പ്രവർത്തന രീതി
- ഓഫീസിൽ
- വിദ്യാഭ്യാസം
- Bachelor's degree in Computer Science or related field
- പുനരാരംഭിക്കുക
- അപേക്ഷിക്കാൻ നിർബന്ധം
നിങ്ങൾ എവിടെ ജോലി ചെയ്യും
ജോലി വിവരണം
About the Role
The IT Application Security Specialist will spearhead the development, implementation, and management of application security across enterprise-wide systems. The role ensures applications are safeguarded by design and comply with internal policies plus regulatory mandates.
Key Responsibilities
- Develop and uphold the enterprise-wide application security framework.
- Incorporate secure-by-design principles into all applications.
- Track security effectiveness through key performance indicators, such as vulnerability mitigation and resolution times.
- Enhance the maturity of application security continually.
- Design secure system architectures for applications, APIs, and microservices, leading threat modeling exercises using methodologies like STRIDE.
- Enforce security design patterns including authentication, encryption, and data protection techniques and actively participate in architecture governance.
- Integrate security processes and tools into CI/CD workflows, including managing SAST, DAST, and SCA solutions.
- Define and apply secure coding standards guided by OWASP Top 10 vulnerabilities while automating security checks in development pipelines.
- Design and maintain secure cloud architectures on platforms such as AWS and Azure, applying Identity and Access Management and Zero Trust concepts.
- Secure container environments such as Kubernetes and OpenShift; implement monitoring, logging, and threat detection measures in cloud environments.
- Coordinate comprehensive security testing, including vulnerability assessments, penetration tests, and ensure effective remediation of discovered vulnerabilities.
- Collaborate closely with Security Operations Centers to bolster monitoring and incident response, supporting SIEM use cases and security trend analysis.
- Ensure compliance with standards and regulations like PCI DSS, SWIFT CSP, and ISO 27001; support audits and develop security policies and procedures.
- Serve as a trusted advisor by providing security guidance to development, DevOps, and architecture teams and conduct training on secure coding.
Qualifications and Experience
- Bachelor's degree in Computer Science, Cybersecurity, Software Engineering, or related fields.
- Minimum of 8 to 12 years of cybersecurity experience, with strong emphasis on application security, DevSecOps, and cloud security.
- Experience in financial services or banking industries is preferred.
Required Skills and Competencies
- In-depth knowledge of OWASP Top 10 vulnerabilities and secure coding methods.
- Expertise in secure software development lifecycle and threat modeling techniques.
- Strong understanding of API and web application security concepts.
- Proficiency with security testing tools such as SAST, DAST, and Software Composition Analysis (SCA).
- Experience with cloud platforms, particularly AWS and Azure, including container security with Kubernetes/OpenShift.
- Familiarity with SIEM systems, vulnerability management, and continuous security monitoring.
- Excellent analytical thinking, communication, and stakeholder engagement capabilities.
- Capability to influence cross-departmental teams and detailed risk awareness.
Certifications
- At least two of the following are required: CISSP, CCSP, CISM, or CRISC.
- Preferred certifications include CEH, Microsoft Azure Security Engineer (AZ-500), AWS Security Specialty, or OSCP.
Additional Information
- This position requires close interaction with development, infrastructure, and security teams.
- The role combines strategic planning with active technical involvement.
- Experience working in regulated environments is an advantage.