Application Security Engineer

JOB DESCRIPTION / ROLE

Employment: Full Time

Application Security Engineer (for a Financial Institution)

Principal Accountabilities & Responsibilities
• Manage application development teams on application security related matters, including application security processes, security architectural reviews, penetration testing and vulnerability management and remediation.
• Integrate security into the software development life cycle, and perform code reviews and penetration tests on web applications to identify vulnerabilities.
• Evaluate new applications and develop the supporting security assessments; identify emerging vulnerabilities, risks, and threats during design iterations, provide remediation, and ensure security controls are hardened through testing in the development cycle and production deployments.
• Utilize OWASP Top 10 and similar standards to identify and prioritize security risks.
• Design, implement, and maintain advanced security features, such as encryption, authentication, access controls, and logging mechanisms.
• Monitor and respond to security incidents and vulnerabilities, performing root cause analysis and recommending corrective actions.
• Lead security training and awareness programs for application teams to promote a security-first mindset.
• Assist with periodic security risk assessments, IT security audits, and management reporting.
• Stay up-to-date with the latest security threats, vulnerabilities, and industry trends, and apply this knowledge to enhance Corporate’s security posture.
• Review, enhance and ensure compliance with existing processes for all automation and security platforms, ensuring minimal impact to end users and the business to achieve operational effectiveness.

REQUIREMENTS

Required Skills
• Good understanding of information security principles and best practice (e.g., PCI-DSS and ISO27001).
• Hands-on experience with DAST/SAST tools and the ability to effectively use them for testing and integration in a CI/CD pipeline.
• Hands-on experience in application penetration testing and tools such as Burp Suite and OWASP ZAP.
• Good working experience with one of the following programming languages: JavaScript, TypeScript, Java.
• Understanding of service-oriented architecture (SOA) and RESTful API (REST) concepts and technologies.
• A solid understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP and HTTPS).
• Strong understanding of mobile and web application architecture.

Experience
• 7+ years of combined professional experience in information technology and 5+ years in application security, penetration testing, security assessment, secure software development and security architecture.
• Experience integrating security capabilities and application lifecycle management platforms especially in a DevOps model.

Good knowledge and Experience:
• Continuous integration and deployment (CI/CD) practices.
• Threat modelling and web application security assessments.
• Data security protection, and security and privacy by design concepts.
• API Security, Data Encryption & Key Management.
• OWASP Top 10 Web Application Security Risks, vulnerability risk and impact assessment.

Education:
• B.S. degree in Computer Science, Computer Engineering, Information Assurance, or related field.
• Relevant certifications such as OSWA, OSWE, OSCP, GPEN, GWAPT, GCPN are a plus.
• ITIL (Preferred).

ABOUT THE COMPANY

"One Vision for Consultancy" is a one stop professional service provider specialising in:

Employment Consultancy (Human Asset Recruitment & Talent Acquisition): Using a competency-based framework, we identify the best candidates to fit your unique organisational needs. The objective is to ensure recruitment of high potential talent for long term retention with the capability of achieving succession planning in the organisation. We offer both contingency and retained search.

Our executive team, with their strong corporate and business backgrounds and track record of success, will help you identify and recruit candidates within a short time frame to meet your business needs and requirements. We source talent worldwide as required by specifics or as set by the client.

Facilities Managed Services: We provide staffing resources and services for short as well as long term basis to support front and back office requirements.

Computer Software Design Development and Maintenance: Our objective is to first and foremost understand our clients and their requirements. We work with business alliance partners who have experience, highly skilled technical professionals, a working methodology and good industry knowledge. We provide our clients with solutions that are capable of driving projects to successful completion and customer satisfaction. We provide onsite IT professionals for IT maintenance, support, system study, development, implementation or consultancy.

Technical Assistance to maintenance and operations of facilities: System studies, design, develop, implement, support, maintain and manage operational plant services.

Staff augmentation of professionals for short and long term projects.
