Senior Security Assurance Analyst

Senior Security Assurance Analyst - The Emirates Group Senior Security Assurance Analyst - The Emirates GroupJob Purpose: At Emirates we believe in connecting the world to and through our global hub in Dubai; and in constantly innovating to ensure our customers Fly Better. Our cyber security team are looking for a dynamic and experienced Senior Security Assurance Analyst to join their team in Dubai. The successful candidate will be expected to d evelop implement lead and continuously improve the security verification and testing processes consisting of but not limited to risk assessments compliance reviews vulnerability assessments and penetration tests based on industry best practices and as defined by the assurance. In addition to that they will collaborate with the team in developing the assurance program on an ongoing basis to incorporate industry best practices offensive and defensive attack techniques.What you do bring:Represent Cybersecurity assurance capabilities within the agile process as well as drive Cybersecurity best practices across the Emirates Group by executing indepth automated and manual discovery of security vulnerabilities in web applications mobile applications web services and client server application and associated infrastructureResearch recommend and implement formal methodologies and tools for conducting technical Cyber security risk assessments reviews and investigations. Perform impact analysis to achieve the securitybydesign objective.Monitor and continuously review the Emirates systems on an ongoing basis in compliance with the Emirates Groups Cybersecurity Policies Principles and Standards. Initiate corrective actions in the event of any violations to aid effective riskbased decision making supported with data.Plan and schedule regular vulnerability assessments penetration tests technical risk assessments and compliance reviews on the Groups Key IT infrastructure components and applications based on the criticality and perceived risk of the applications/services.Ensure all the identified security weaknesses and risks are managed through their life cycle via product backlogs to ensure developments teams have a clear prioritization or can triage issues on a timely basis by providing knowledge transfer to the agile teams using meetings walkthroughs technical discussions etc.Develop documentation and a knowledge base to be used by developers for implementing Secure coding practices & provide recommendations for missing application & infrastructure security controls to facilitate securebydesign culture.Provide necessary knowledge transfer of the vulnerabilities found during the assessments to the software engineering teams by means of meetings walkthroughs technical discussions etc. for implementing appropriate security fixes.Collaborate with development teams on improving security by offering design reviews threat modelling awareness training new tooling and expert reviewCreate tools script automation to make the vulnerability discovery and vulnerability management process more consistent repeatable and increase efficiency.Qualifications & Experience: What you will bring:Degree in IT or equivalent.An information security related industry recognised certification such as CISSP CISA CISM GIAC certification CEH etc.Knowledge/skills : (Secure SDLC)Strong fundamentals of OS Network and Programming ConceptsDeep technical knowledge of OWASP TOP 10 issues for both application & mobileDeep technical knowledge of network and infrastructure security testingTechnical aptitude to test web services APIs business logic issues cloud specific issues etc.Develop high quality proof of concepts for vulnerabilities identifiedAdaptive to newer attack vectors & technologies and its applicabilityProficient in using & implementing open source and commercial tools for application mobile & thick client security testingExperience in reviewing source code for varied programming languagesExperience building tools and automation to discover vulnerabilities at scaleKnowledge of reviewing mobile & webbased security design implementation & review.Knowledge of industry standard authentication and authorization mechanism Dockers KubernetesCertifications:Offensive Security Certified Professional (OSCP) PreferredGIAC Web Application Penetration Tester (GWAPT) PreferredCertified Information Systems Security Professional (CISSP) PreferredExcellent interpersonal & communication skill
Job Purpose: At Emirates we believe in connecting the world to and through our global hub in Dubai; and in constantly innovating to ensure our customers Fly Better. Our cyber security team are looking for a dynamic and experienced Senior Security Assurance Analyst to join their team in Dubai. The successful candidate will be expected to d evelop implement lead and continuously improve the security verification and testing processes consisting of but not limited to risk assessments compliance reviews vulnerability assessments and penetration tests based on industry best practices and as defined by the assurance. In addition to that they will collaborate with the team in developing the assurance program on an ongoing basis to incorporate industry best practices offensive and defensive attack techniques.What you do bring: Represent Cybersecurity assurance capabilities within the agile process as well as drive Cybersecurity best practices across the Emirates Group by executing indepth automated and manual discovery of security vulnerabilities in web applications mobile applications web services and client server application and associated infrastructureResearch recommend and implement formal methodologies and tools for conducting technical Cyber security risk assessments reviews and investigations. Perform impact analysis to achieve the securitybydesign objective.Monitor and continuously review the Emirates systems on an ongoing basis in compliance with the Emirates Groups Cybersecurity Policies Principles and Standards. Initiate corrective actions in the event of any violations to aid effective riskbased decision making supported with data.Plan and schedule regular vulnerability assessments penetration tests technical risk assessments and compliance reviews on the Groups Key IT infrastructure components and applications based on the criticality and perceived risk of the applications/services.Ensure all the identified security weaknesses and risks are managed through their life cycle via product backlogs to ensure developments teams have a clear prioritization or can triage issues on a timely basis by providing knowledge transfer to the agile teams using meetings walkthroughs technical discussions etc.Develop documentation and a knowledge base to be used by developers for implementing Secure coding practices & provide recommendations for missing application & infrastructure security controls to facilitate securebydesign culture.Provide necessary knowledge transfer of the vulnerabilities found during the assessments to the software engineering teams by means of meetings walkthroughs technical discussions etc. for implementing appropriate security fixes.Collaborate with development teams on improving security by offering design reviews threat modelling awareness training new tooling and expert reviewCreate tools script automation to make the vulnerability discovery and vulnerability management process more consistent repeatable and increase efficiency.
Qualifications & Experience: What you will bring:Degree in IT or equivalent.An information security related industry recognised certification such as CISSP CISA CISM GIAC certification CEH etc.Knowledge/skills : (Secure SDLC)Strong fundamentals of OS Network and Programming ConceptsDeep technical knowledge of OWASP TOP 10 issues for both application & mobileDeep technical knowledge of network and infrastructure security testingTechnical aptitude to test web services APIs business logic issues cloud specific issues etc.Develop high quality proof of concepts for vulnerabilities identifiedAdaptive to newer attack vectors & technologies and its applicabilityProficient in using & implementing open source and commercial tools for application mobile & thick client security testingExperience in reviewing source code for varied programming languagesExperience building tools and automation to discover vulnerabilities at scaleDeep technical knowledge of browser security controls such SOP CSP XFO HSTS etc.Knowledge of reviewing mobile & webbased security design implementation & review.Knowledge of industry standard authentication and authorization mechanism Dockers KubernetesCertifications:Offensive Security Certified Professional (OSCP) PreferredGIAC Web Application Penetration Tester (GWAPT) PreferredCertified Information Systems Security Professional (CISSP) PreferredExcellent interpersonal & communication skill Salary & Benefits: Join us in Dubai and enjoy an attractive taxfree salary and travel benefits that are exclusive to our industry including discounts on flights and hotels stays around the world. You can find out more information about our employee benefits in the Working Here section of our website confidential Further information on whats it like to live and work in our cosmopolitan home city can be found in the Dubai Lifestyle section.This job has been sourced from an external job board.More jobs on
Disclaimer: Drjobs.ae
is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.
Dr. Job is an online platform that connects employers with skilled job seekers, facilitating the search for job opportunities and top talent. Established in 2015. Dr. Job has emerged as the UAE premier job portal, attracting thousands of job seekers every day in UAE.#J-18808-Ljbffr

---