Senior Security Assurance Analyst - The Emirates Group
نُشرت في :
11-05-2024
صاحب العمل نشط
1 وظيفة شاغرة
حالة تأهب وظيفة
سيتم تحديثك بأحدث تنبيهات الوظائف عبر البريد الإلكترونيValid email field required
أرسل الوظائف
شارك هذه الوظيفة
أرسل لي وظائف مشابهة
حالة تأهب وظيفة
سيتم تحديثك بأحدث تنبيهات الوظائف عبر البريد الإلكترونيValid email field required
أرسل الوظائف
الوصف الوظيفي
Job Purpose: At Emirates we believe in connecting the world to and through our global hub in Dubai; and in constantly innovating to ensure our customers Fly Better. Our cyber security team are looking for a dynamic and experienced Senior Security Assurance Analyst to join their team in Dubai. The successful candidate will be expected to d evelop implement lead and continuously improve the security verification and testing processes consisting of but not limited to risk assessments compliance reviews vulnerability assessments and penetration tests based on industry best practices and as defined by the assurance. In addition to that they will collaborate with the team in developing the assurance program on an ongoing basis to incorporate industry best practices offensive and defensive attack techniques.
What you do bring:
- Represent Cybersecurity assurance capabilities within the agile process as well as drive Cybersecurity best practices across the Emirates Group by executing indepth automated and manual discovery of security vulnerabilities in web applications mobile applications web services and client server application and associated infrastructure
- Research recommend and implement formal methodologies and tools for conducting technical Cyber security risk assessments reviews and investigations. Perform impact analysis to achieve the securitybydesign objective.
- Monitor and continuously review the Emirates systems on an ongoing basis in compliance with the Emirates Groups Cybersecurity Policies Principles and Standards. Initiate corrective actions in the event of any violations to aid effective riskbased decision making supported with data.
- Plan and schedule regular vulnerability assessments penetration tests technical risk assessments and compliance reviews on the Groups Key IT infrastructure components and applications based on the criticality and perceived risk of the applications/services.
- Ensure all the identified security weaknesses and risks are managed through their life cycle via product backlogs to ensure developments teams have a clear prioritization or can triage issues on a timely basis by providing knowledge transfer to the agile teams using meetings walkthroughs technical discussions etc.
- Develop documentation and a knowledge base to be used by developers for implementing Secure coding practices & provide recommendations for missing application & infrastructure security controls to facilitate securebydesign culture.
- Provide necessary knowledge transfer of the vulnerabilities found during the assessments to the software engineering teams by means of meetings walkthroughs technical discussions etc. for implementing appropriate security fixes.
- Collaborate with development teams on improving security by offering design reviews threat modelling awareness training new tooling and expert review
- Create tools script automation to make the vulnerability discovery and vulnerability management process more consistent repeatable and increase efficiency.
Qualifications & Experience: What you will bring:
Degree in IT or equivalent.
An information security related industry recognised certification such as CISSP CISA CISM GIAC certification CEH etc.
Knowledge/skills : (Secure SDLC)
- Strong fundamentals of OS Network and Programming Concepts
- Deep technical knowledge of OWASP TOP 10 issues for both application & mobile
- Deep technical knowledge of network and infrastructure security testing
- Technical aptitude to test web services APIs business logic issues cloud specific issues etc.
- Develop high quality proof of concepts for vulnerabilities identified
- Adaptive to newer attack vectors & technologies and its applicability
- Proficient in using & implementing open source and commercial tools for application mobile & thick client security testing
- Experience in reviewing source code for varied programming languages
- Experience building tools and automation to discover vulnerabilities at scale
- Deep technical knowledge of browser security controls such SOP CSP XFO HSTS etc.
- Knowledge of reviewing mobile & webbased security design implementation & review.
- Knowledge of industry standard authentication and authorization mechanism Dockers Kubernetes
- Certifications:
- Offensive Security Certified Professional (OSCP) Preferred
- GIAC Web Application Penetration Tester (GWAPT) Preferred
- Certified Information Systems Security Professional (CISSP) Preferred
- Excellent interpersonal & communication skill
Salary & Benefits: Join us in Dubai and enjoy an attractive taxfree salary and travel benefits that are exclusive to our industry including discounts on flights and hotels stays around the world. You can find out more information about our employee benefits in the Working Here section of our website confidential Further information on whats it like to live and work in our cosmopolitan home city can be found in the Dubai Lifestyle section.This job has been sourced from an external job board.
More jobs on
نوع التوظيف
دوام كامل
المهارات المطلوبة
الإبلاغ عن هذه الوظيفة
إخلاء المسؤولية: د.جوب هو مجرد منصة تربط بين الباحثين عن عمل وأصحاب العمل. ننصح المتقدمين بإجراء بحث مستقل خاص بهم في أوراق اعتماد صاحب العمل المحتمل.
نحن نحرص على ألا يتم طلب أي مدفوعات مالية من قبل عملائنا، وبالتالي فإننا ننصح بعدم مشاركة أي معلومات شخصية أو متعلقة بالحسابات المصرفية مع أي طرف ثالث. إذا كنت تشك في وقوع أي احتيال أو سوء تصرف، فيرجى التواصل معنا من خلال تعبئة النموذج الموجود على الصفحة اتصل بنا
