Principal Cybersecurity Assurance-Applications
Company Name: | The Emirates Group |
Employment Type: | Full Time |
Location: | Dubai |
Experience: | 8+ years |
Degree: | Bachelor |
Gender: | Any |
Age: | Any |
Nationality: | Any |
Salary: | Unspecified |
No. Of Vacancies: | 1 |
Job Description: |
Job Purpose Provide cybersecurity technical leadership to multiple disciplinary teams in IT & Business and represent Cybersecurity Assurance capabilities within software development life cycle (SDLC). Collaborate with the relevant stakeholders on a continuous basis to ensure security-by-design principles are defined, implemented and continuously improved. Job Outline: Overall responsibility and accountability of application security assurance activities providing services to all global and local entities under The Emirates Group. Including the validation of current as well as new websites and mobile apps are designed and implemented with the highest security standards possible. Develop and implement effective security testing strategies by leveraging cutting edge security research through upskilling self and team, staying up to date on security research and applying them effectively to the overall Emirates Group application security assurance program. Develop and implement effective secure coding practice strategies to counter traditional and modern attacks affecting The Emirates Group digital assets by educating the software developer community, Awareness workshops and drive implementation of industry best practice. Develop and implement DevSecOps principles by automating security activities such as static analysis, dynamic analysis, container security, orchestration security, etc. Provide security advisory to product grooming sessions with software developers, scrum masters and Technical product owners to prioritize security backlogs, offer technical expertise on new requirements and ensure the delivery of privacy and security by design principles. Understand, articulate, evaluate and design solutions to complex business problems and apply appropriate technologies while following security engineering best practices. Collaborate with a diverse audience such as business stakeholders, Group leadership and the Engineering Chapter to highlight and bring about change that improves the level of Cybersecurity practices that affect the entire Emirates Group. Lead the technical Cybersecurity expertise within the AATs to support diverse security requirements while maintaining a high-level overview of activities. Mentor & upskill resources in the team to ensure continuous growth of the team and support the roadmap to achieve strategic goals objectives of function. Keep abreast with industry security assurance best practices and monitor the market for emerging technologies relevant to the domain. Qualifications & Experience Information Technology. Other : 8+ Years Degree or Honours (12+3 or equivalent) : Degree in IT or Cybersecurity or any other IT-related discipline Offensive Security Certified Professional (OSCP), or certifications in IT/CyberRisk management is required Experience in system security Assessment, control and vulnerability Management and any other relevant experience in cybersecurity. Knowledge/skills: Thorough knowledge of OWASP Top 10 (Web & Mobile) Clear understanding of network and web related protocols (such as, TCP/IP, UDP, IPSEC, HTTP, …) Strong fundamentals of Application design concepts – Security-by-design in application Clear understanding of network and web related protocols such as such as, TCP/IP, UDP,IPSEC, HTTP, HTTPS, routing protocols Knowledge of technologies such as reverse proxies, Web application Firewalls. CI/CD, API gateways, SAAS Solid understanding of (IT) Risk Management processes Proficient in using & implementing open source and commercial tools to scale security Experience in threat modelling, vulnerability discovery and vulnerability management processes Experience in Bug Bounty processes or similar experience Ability to understand business requirements and translate them into technical requirements. Ability to work cross-functionally with non-engineering stack holders Certifications: – Offensive Security Certified Professional (OSCP) Preferred – Certified Ethical Hacker (CEH) – Certified Information Systems Security Professional (CISSP) Leadership Role : YES |