Application Security - Mobile
صاحب العمل نشط
حالة تأهب وظيفة
سيتم تحديثك بأحدث تنبيهات الوظائف عبر البريد الإلكتروني
شارك هذه الوظيفة
حالة تأهب وظيفة
سيتم تحديثك بأحدث تنبيهات الوظائف عبر البريد الإلكتروني
الوصف الوظيفي
The unit's primary purpose is to Design, Engineer & eventually Embed practical & balanced cyber / information security principles / patterns / controls into all products & platforms.
Soft Skills:
-
Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective.
-
Holistic thinking; must balance security & functionality using practical demonstrable examples.
-
Must also contribute to & implement "good architecture principles" to lower technical debt.
-
Assertive personality; should be able to hold her / his own in a project board or work group setting.
-
Superlative written & verbal communication skills; should be able to explain technical observations in an easy-to-understand manner.
-
Ability to work under pressure & meet tough/challenging deadlines.
-
Influencer- must be able to convince various stakeholders (internal IT Teams, C-Level execs, Risk & Audit) of why a certain observation is a concern or not.
-
Strong understanding of Risk Management Framework & security controls implementation from an implementer standpoint.
-
Has strong decision making, planning & time management skills.
-
Can work independently.
-
Has a positive and constructive attitude.
Key Requirements:
-
Bachelor's degree in a computer-related field such as computer science, cyber/information security discipline, physics, mathematics or similar (Must Have)
-
General Information Security: CISSP, OSCP, CEH, CISM/CISA or similar
-
General Cloud Security: CCSK/CCSP or similar
-
Specific Cloud Security: AWS/Azure/GCP/Oracle Solution/Security or similar
-
Network Security: CCNA, CCNP, CCIE, Certified Kubernetes Security Specialist
Eligibility:
-
4+ years of experience in an information security function with good background in IT, stakeholder management & people management (Must Have)
-
3+ years of experience as a Security Engineer especially in Cloud Native environments (Must Have)
-
Deep foundational knowledge of Mobile Applications, Intensive skills on SSL pinning bypass, root / jailbreak bypass, core Mobile application exploitation (Must Have)
-
Expert at the technology & frameworks in his/her area of expertise, coach other architects on development standards & best practices
-
Good understanding of Microservices based architecture
-
Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection, end-point protection, API / Micro services Security
-
Experience working in a DevOps environment with knowledge of CI/CD, Containers, DAST/SAST tools & building Evil Stories (Must Have)
-
Follow design principles & apply design patterns to enforce maintainable & reusable patterns in the form of code or otherwise
-
Can understand & interpret potential issues found in source or compiled code
-
Has automation skills/capability in the form of scripting or similar
-
Can attack application & infrastructure assets, interpret threats and suggest mitigating measures
-
Ability to interpret Security Requirements mandated by oversight functions & ensure comprehensive coverage of those requirements via documentation within high level design and/or during agile ceremonies via Evil Stories
-
Can propose options for solutions to the security requirements / patterns that provide a balance of security, user experience & performance
-
Knowledge of Agile methodologies/principles such as Scrum or Kanban
-
Key Skills Web & Mobile Application Security, Security Code review, API security, Platform Security, IAST, SAST, DAST
-
Expertise in Burp Suite, MobSF, Frida, Kali Linux, Nessus, Checkmarx SAST, Kubernetes, Docker, Jenkins, GitHub, OpenShift & good knowledge about microservice architecture & pipeline driven security.
-
Knowledge of Mobile App testing (Android & iOS), Web Application Security, Security Code Review, Container Review, Infrastructure Review, WAF rules review
Skills :
نوع التوظيف
دوام كامل
