الوظائف الحالية

:المسمى الوظيفيApplication Security Engineer

:الموقع Doha, Qatar

:نوع الوظيفة Permanent

• Penetration Testing: Conduct penetration tests on web applications, mobile applications, APIs, and thick client applications. Prepare detailed reports with actionable recommendations for remediation.
• Security Scanning: Implement and manage automated security scanning tools (SAST, DAST, SCA) to continuously monitor and identify vulnerabilities in code, configurations, and dependencies across all application types.
• Threat Modelling: Perform threat modelling to identify potential security risks associated with various types of applications. Provide guidance on mitigating these risks.
• Code Review: Review application code for security vulnerabilities across multiple platforms and offer practical recommendations for remediation.
• Training & Awareness: Develop and deliver training sessions and workshops to raise awareness about application security among development teams and other stakeholders, tailored to different application types.
• Tool Evaluation: Assess and recommend tools and technologies to enhance application security testing and monitoring capabilities across various platforms.
• Documentation: Create and maintain comprehensive documentation related to security assessments, vulnerability management, and security policies for diverse application types.

 

1. Qualifications

 

• Education: Bachelor’s / college degree in Computer Science, Information Security, or a related field.
• Experience: At least 2 years of experience in application security, software development, or a related field.
• Certifications: Relevant certifications (e.g., BCSP, OSWA, OSWE, eWPT, eWPTX, SEC542) are highly desirable.
• Technical Skills: Proficiency with security testing tools such as Burp Suite (required), Fortify, SonarQube, and Postman (preferred). Strong understanding of secure coding practices and experience with at least one programming language.
• Knowledge: In-depth knowledge of application security principles and practices, familiar with security frameworks and guidelines (e.g., OWASP Top 10, ASVS, MASVS, WSTG, MSTG). Familiarity with DevSecOps practices and CI/CD pipelines is a plus.