Manager, Application Security

JOB TITLE

Manager, Application Security | Majid Al Futtaim Global Solutions UAE

ROLE SUMMARY

The Application Security Manager is an enterprise-wide role responsible for overseeing and executing the Vulnerability Management (VPAT) Program, Penetration Testing, Red Teaming, Application Security, and Develops initiatives. This role ensures that all technology environments including infrastructure, applications, cloud platforms, network systems, and security tools are continuously assessed for security vulnerabilities, threats, and risks.

ROLE PROFILE

Vulnerability Management (VPAT) Program Oversight

• Lead and manage the enterprise-wide Vulnerability Management (VPAT) Program, ensuring all IT assets undergo continuous security assessments and timely remediation.
• Ensure regular vulnerability scans across infrastructure, applications, cloud services, and third-party integrations using appropriate tools.
• Establish risk-based prioritization of vulnerabilities based on exploitability, business impact, and compliance requirements.
• Work with all stakeholders to track, mitigate, and ensure asset owner remediate vulnerabilities within defined SLAs.
• Develop vulnerability tracking dashboards and reports to provide visibility into risk trends and remediation progress.

Penetration Testing & Red Teaming

• Plan, coordinate, and execute penetration testing and red teaming exercises for internal and external-facing systems, applications, cloud platforms, and security tools.
• Conduct offensive security assessments, simulating real-world attack scenarios based on MITRE ATT&CK, OWASP, and industry threat intelligence.
• Test security effectiveness of SIEM, IAM, WAF, EDR, CASB, and DLP solutions to uncover security weaknesses.
• Perform social engineering assessments (phishing campaigns, physical security tests, and employee security awareness evaluations).
• Generate detailed reports and risk analysis outlining exploitation potential, business impact, and remediation recommendations.

Application Security & DevSecOp

• Lead and manage the enterprise-wide Application Security & DevSecOp Program, ensuring all Application undergo continuous security assessments and timely remediation.
• Work with all stakeholders specially business application team, managed service provider and software developers to track, mitigate, and ensure remediation of vulnerabilities within defined SLAs.
• Embed security testing into CI/CD pipelines.
• Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) on critical applications before deployment.
• Ensure API security testing and protection mechanisms are in place for microservices, containerized workloads, and web applications.
• Implement secure coding practices across development teams, conducting training and awareness programs.

Security Testing Governance & Compliance

• Ensure all security testing and vulnerability management activities comply with ISO 27001, NIST, PCI DSS, CIS benchmarks, and approved MAF policies and standards.
• Provide executive reporting on security testing results, identifying key risks and recommended mitigations for leadership.
• Maintain audit-ready documentation of all security testing activities to support cybersecurity compliance function on internal and external compliance reviews.

REQUIREMENTS

• 5 – 7 years of experience in penetration testing, vulnerability management, and security assessments.
• Experience with DevSecOps integration, embedding security testing into CI/CD pipelines.
• Hands-on experience with security assessments in cloud, hybrid, and on-prem infrastructures.
• Bachelor’s degree in Cybersecurity, Computer Science, or Engineering.
• Relevant certifications in penetration testing, vulnerability assessment, and application security.
• Preferred Qualifications · OSCP (Offensive Security Certified Professional) · OSCE (Offensive Security Certified Expert) · GPEN (GIAC Penetration Tester) · GWAPT (GIAC Web Application Penetration Tester) · CRTSA (CREST Registered Technical Security Architect) · GCSA (GIAC Cloud Security Automation) · Certified DevSecOps Professional (CDP) · AWS/Azure Cloud Security Certifications