A leading company in Dubai seeks a Lead Application Security professional to oversee the security of all software applications. The role requires deep expertise in secure software development and vulnerability management, ensuring integration of security practices throughout the software lifecycle and guiding teams in risk mitigation strategies.
The Lead Application Security professional will be responsible for the security of all software applications within the organization. This role requires deep expertise in secure software development, vulnerability management, and application security testing. The individual will work closely with development, DevOps, and IT teams to integrate security throughout the software development lifecycle (SDLC) and protect against security threats, data breaches, and other vulnerabilities.
Job Responsibilities:
Application Security Strategy & Leadership
- Develop, implement, and maintain the organization's application security strategy.
- Lead the integration of security best practices into the software development lifecycle (SDLC) for both in-house and third-party applications.
- Work closely with development and IT teams to ensure application security is prioritized throughout the entire development and deployment process.
Secure Software Development & Code Reviews
- Collaborate with software development teams to implement secure coding practices and frameworks (e.g., OWASP Top 10).
- Perform regular code reviews and static/dynamic analysis of applications to identify potential security vulnerabilities and weaknesses.
- Provide guidance on secure design, coding, and testing techniques to ensure applications are built securely from the ground up.
Application Vulnerability Management
- Conduct vulnerability assessments and penetration tests of web and mobile applications, APIs, and microservices to identify security risks.
- Manage the remediation of identified vulnerabilities, working with development teams to address security gaps and validate fixes.
- Establish a process for continuous application vulnerability monitoring, using tools like SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing).
Security Testing & Penetration Testing
- Lead the implementation of security testing methodologies, including threat modeling, fuzz testing, and automated vulnerability scanning.
- Oversee third-party security testing vendors and internal teams conducting penetration tests, ensuring results are acted upon effectively.
- Continuously assess applications for new security threats and ensure they are appropriately hardened.
Application Security Tools & Technologies
- Select and manage application security tools and technologies such as Web Application Firewalls (WAFs), Runtime Application Self-Protection (RASP), and vulnerability scanning tools.
- Ensure proper integration of security tools into the continuous integration/continuous deployment (CI/CD) pipeline for DevOps and Agile environments.
- Ensure security tools are up to date and effective at protecting against modern application threats.
- Act as the primary liaison between security, development, and operations teams, ensuring strong collaboration and communication regarding application security.
- Lead and mentor a team of application security engineers, providing training and development in secure coding practices, vulnerability management, and threat modeling.
- Collaborate with DevOps teams to ensure secure CI/CD practices, promoting the principles of DevSecOps.
- Lead the response to application security incidents, ensuring that vulnerabilities are identified, analyzed, and remediated promptly.
- Coordinate with other security and IT teams during security incidents to contain and mitigate threats to applications.
- Develop post-incident review processes to continuously improve application security posture.
Application Security Training & Awareness
- Develop and deliver application security training for development teams, covering secure coding standards, common vulnerabilities (e.g., OWASP Top 10), and secure software design.
- Promote a security-first culture within the development and IT teams, encouraging proactive identification and resolution of security risks.
- Create and maintain security playbooks and guidelines for developers and DevOps teams.
Qualifications / Experience / Competencies:
Qualifications & Certifications:
Skills:
- In-depth knowledge of application security principles, including authentication, authorization, encryption, and secure communications.
- Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, SAST/DAST, and penetration testing tools.
- Familiarity with DevSecOps practices, integrating security into CI/CD pipelines.
- Strong problem-solving and analytical skills with the ability to think critically about security threats and solutions.
- Excellent communication skills with the ability to explain technical issues to non-technical stakeholders.
- Leadership: Strong leadership abilities with the capability to guide development and security teams toward secure application development practices.
- Risk Management: Ability to assess risks and implement mitigations for application security vulnerabilities.
- Collaboration: Strong interpersonal skills to work with cross-functional teams, including development, IT, and business stakeholders.
- Technical Expertise: Advanced knowledge of secure coding, vulnerability management, and application security testing tools and techniques.
- Communication: Ability to articulate security concepts to technical and non-technical stakeholders.
Disclaimer: Naukrigulf.com is only a platform to bring jobseekers & employers together. Applicants are advised to research the bona fides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advise against sharing personal or bank-related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@naukrigulf.com