The unit's primary purpose is to Design, Engineer & eventually Embed practical & balanced cyber / information security principles / patterns / controls into all products & platforms.
Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective.
Holistic thinking; must balance security & functionality using practical demonstrable examples.
Must also contribute to & implement "good architecture principles" to lower technical debt.
Assertive personality; should be able to hold her / his own in a project board or work group setting.
Superlative written & verbal communication skills; should be able to explain technical observations in an easy-to-understand manner.
Ability to work under pressure & meet tough/challenging deadlines.
Influencer: must be able to convince various stakeholders (internal IT Teams, C-Level execs, Risk & Audit) of why a certain observation is a concern or not.
Strong understanding of Risk Management Framework & security controls implementation from an implementer standpoint.
Has strong decision making, planning & time management skills.
Can work independently.
Has a positive and constructive attitude.
Bachelor's degree in a computer-related field such as computer science, cyber/information security discipline, physics, mathematics or similar (Must Have)
General Information Security: CISSP, OSCP, CEH, CISM/CISA or similar
General Cloud Security: CCSK/CCSP or similar
Specific Cloud Security: AWS/Azure/GCP/Oracle Solution/Security or similar
Network Security: CCNA, CCNP, CCIE, Certified Kubernetes Security Specialist
4+ years of experience in an information security function with good background in IT, stakeholder management & people management (Must Have)
3+ years of experience as a Security Engineer especially in Cloud Native environments (Must Have)
Deep foundational knowledge of Mobile Applications; intensive skills in SSL pinning bypass, root / jailbreak bypass, and core Mobile application exploitation (Must Have)
Expert in the technology & frameworks in his/her area of expertise; coaches other architects on development standards & best practices
Good understanding of Microservices based architecture
Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection, end-point protection, API / Micro services Security
Experience working in a DevOps environment with knowledge of CI/CD, Containers, DAST/SAST tools & building Evil Stories (Must Have)
Follow design principles & apply design patterns to enforce maintainable & reusable patterns in the form of code or otherwise
Can understand & interpret potential issues found in source or compiled code
Has automation skills/capability in the form of scripting or similar
Can attack application & infrastructure assets, interpret threats and suggest mitigating measures
Ability to interpret Security Requirements mandated by oversight functions & ensure comprehensive coverage of those requirements via documentation within high level design and/or during agile ceremonies via Evil Stories
Can propose options for solutions to the security requirements / patterns that provide a balance of security, user experience & performance
Knowledge of Agile methodologies/principles such as Scrum or Kanban
Key Skills: Web & Mobile Application Security, Security Code review, API security, Platform Security, IAST, SAST, DAST
Expertise in Burp Suite, MobSF, Frida, Kali Linux, Nessus, Checkmarx SAST, Kubernetes, Docker, Jenkins, GitHub, OpenShift & good knowledge about microservice architecture & pipeline driven security.
Knowledge of Mobile App testing (Android & iOS), Web Application Security, Security Code Review, Container Review, Infrastructure Review, WAF rules review
Full-time