  • Job reference: RMS0227171

System / Application Security Engineer

  • Sector: Recruitment
  • Location: Saudi Arabia
  • Job type: Contract
  • Date posted: 26/10/2020
  • Duration: 12 months

The Role:
Fircroft Arabia is looking for a *System / Application Security Engineer* for one of our clients (semi-government) located in Riyadh, Saudi Arabia.

Job Description:
We are looking for an Application Security Engineer with experience working in a fast-paced Agile environment and in-depth knowledge of Application Security testing. The candidate should be familiar with integrating security testing tools within the QA process and should handle all responsibilities from a software quality security perspective.

* Implement, test, operate, and automate advanced software security techniques in compliance with the technical reference architecture.
* Perform on-going security testing (manually/automated) in addition to code review to improve software security.
* Troubleshoot and debug issues that may arise during application development.
* Provide engineering designs for new software solutions to help mitigate security vulnerabilities
* Contribute to all levels of security architecture
* Maintain technical security documentation
* Consult team members on secure coding practices.
* Develop a familiarity with new tools and best practices
* Set the standards and designs for application security and ensure their implementation.
* Provide security awareness for developers in secure coding.
* Set preventive security measures (tools and processes) for all of the organization's applications on all channels.
* Participate in the organization's project to set security requirements and ensure their implementation.
* Security management of an organization's application interfaces (APIs).
* Prepare and review the Security Test plans and test reports.
* Integrate Application Security testing within the Application development life-cycle.
* Integrate Application Security testing within CI/CD.
* Execute security testing manually and tool-based.
* Analyze test results and verify false positives.
* Prepare and review the final Security Test reports.
* Performs static/dynamic code testing, manual code inspection, threat modeling, design reviews, and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects.
* Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
* Serves as a Subject Matter Expert (SME) in web application security for enterprise projects during development phases to provide Information Security consulting and recommendations, ensuring the implementation of approved security requirements.
* Develops and implements manual and automated web application security testing of web applications to enforce security standards.
* Works with security product vendors and service providers to evaluate security offerings, including product evaluations, proof of concept, and pilot installations.
* Participate in active on-the-job coaching for the members of the team.
* Deals with security issues in code review with Static Application Security Testing (SAST) using SonarQube.
* Recommends and develops Security measures to protect information against unauthorized modification or loss.
* Coordinates with development teams or third parties to fix application vulnerabilities.
* Perform Dynamic Analysis Security Testing (DAST) on Application sprints, Epics, and Program increments.

* Bachelor's degree in Computer Science, Software Engineering or related field or equivalent combination of education and experience.
* 5-7 years of experience in performing penetration testing, secure code review, static, dynamic and manual source code review.
* Relevant qualification and/or certification in high-level IT software security/quality assurance.
* Certified Register of Ethical Security Testers (CREST) is a plus.
* Cyber-security certifications (CHECK, CTM, CTL, CREST, TIGER, OSCP) are a plus.
* Recognized security testing certifications (GIAC, CEH) are a plus.

* Experience in identifying and remediating common web application vulnerabilities such as OWASP.
* Experience in the use of various commercial and open-source penetration testing tools and methodologies and performing penetration testing of web applications and operating systems.
* Familiarity with APT attacks and kill chains.
* Experience with various code repositories including GitHub and Apache Subversion (SVN).
* Experience with continuous integration servers such as Jenkins.
* Experience working within an agile software development life cycle.
* Ability to integrate quality objectives across multiple functions and projects
* Have strong technical skills, both functional and nonfunctional, manual and automation, ideally in a continuous agile delivery environment.
* Strong communication skills with all the key stakeholders to ensure QA vision is understood and implemented correctly.
* Be an advocate of total Quality Assurance, Continuous Improvement, and industry-recognized Best Practices.
* Excellent knowledge of Risk Management, Risk Identification, and Risk-Based Testing.

About Fircroft:
Fircroft has been placing people in specialist technical industries for over 50 years, focusing on mid to senior level engineers for contract and permanent roles worldwide. By applying for this job you give consent for Fircroft to contact you, via email & telephone, to discuss your application along with future positions and Fircroft's services.

Fircroft is registered as a Data Controller with the Information Commissioner as required under the General Data Protection Regulation 2016/679. Fircroft will only process your personal data for the specific purposes of managing your application.
