Application Security Analyst
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Job Objectives
The Information Security Application Consultants develops operates and manages the application security frameworks to continuously monitor and improve organization's security posture to build secure applications and reduce threat footprint. The role also provides subject matter expertise and operational direction on application security governance application security control and risk analysis security assessment automation secure development practices and incident response.
Description
1. Establish and manage industryleading application security processes and practices at each phase of the software development lifecycle and implement operational roadmap for assessment penetration testing and source code reviews.
2. Ensure acquired and developed applications are consistent with secure software development lifecycle and security architecture guidelines.
3. Conduct regular manual and automated application security testing assessments review results track issues and follow up to ensure remediation in line with secure software development lifecycle.
4. Coordinate and scope Third party penetration testing and application assessments activities including configuration reviews for compliance and additional assurance of secured implementation and operation of solutions.
5. Design develop and implement the integration and automation of threat modelling security assessments and testing tools with DevOps application development and QA tools to improve detection and prevention capabilities.
6. Recommend improvements to the secure reference architecture through continuous review and assessment of the application security requirements policies and procedures.
7. Ensure secure coding practices and Software Development Life Cycle (SDLC) are followed by providing training and awareness to the internal stakeholders.
8. Ensure Data Protection privacy concerns and regulations are in place and addressed in Policies and procedures.
9. Help support and enhance existing cloud security model ensuring adherence to best practice in alignment with industry standards at technology operational legal measures.
10. Define the highlevel requirements for preserving the confidentiality integrity and availability of information and assets protecting assets from threats based on an assessment of risks to the organization and supporting the fulfillment of relevant legal regulatory operational and contractual requirements.
11. Provide regular updates to management on application security and vulnerability management posture by defining operational KPIs and metrics build dashboard and reports.
12. Manage follow up close and report upon all department’s information security regulatory requirements audits inconformity reports compliance issues and observations that arise during conducted internal and external assurance engagements.
13. Conduct Risk Assessments on the required Applications to identify applicable risk scenarios and mitigating controls as per Qatargas Information security risk management practices.
14. Perform other related duties or assignments as directed.
Requirements
Minimum Qualifications:
Bachelor’s degree in Computer Engineering/Science Electronics Engineering or any other appropriately relevant field.
Minimum Experience:
10 years of progressive experience in a directly related field.
7 years of professional experience in ICT information application security in an enterprise level environment.
3 years in similarly relevant Application security role with around the same team capacity and complexity of assigned tasks.
Job Specific Skills:
Certifications in industry relative standards frameworks and schools of practice such as CSSLP GWAPT OSCP etc.
Excellent knowledge in maintaining effective working relationships with staff and clients; excellent people management skills.
Excellent written and verbal communication skills.
Strong analytical and problemsolving skills.
Proven success in working in a similarly complex ICT information security within same industry.
Professional experience in conducting manual and automated application assessments (DAST SAST & RAST) penetration testing and configuration review.
Excellent understanding of modern development approaches and environments secure Software Development Life Cycle (SDLC) secure coding practices and DevSecOps.
Good understanding of cryptography web service frameworks mobile application architectures and service architectures (such as eventdriven serviceoriented or serverless architectures)
Good understanding of implementing enterprise information security architectures and frameworks.
Strong understanding of project management principles and requirements.
Excellent knowledge and understanding of Information Technology industry trends architectures integrations operational security and process computing.
Excellent knowledge and understanding of leading industry standards frameworks methodologies and best practices.
Excellent knowledge and understanding of information security governance compliance architecture components technical solutions and operational services.
Understanding of SAP products Applications development concepts change management and landscape
Propose security guidelines for new SAP systems ensuring critical design and implementation elements are captured addressed.
Excellent knowledge and understanding of SAP cloud platform Application services types of deployments and security requirements to ensuring secure operations and data integrity.
Skills
Information Technology, Risk Assessment, Css, Verbal Communication Skill, Devops, Information Security, Verbal Communication Skills, Sdlc, Management Skill, Analytical And Problem-solving Skill, Application Security, Compliance, Aris, Change Management, Application Development, Web Service, Problem-solving Skill, Methodologies, Excel, People Management, Communication Skill, Written And Verbal Communication, Strong Understanding, Trends, Project Management, Strong Analytical, Software Development
Employment Type
Full Time
