Job description / Role
At DarkMatter, we are building an organisation of specialists to provide the ultimate integrated cyber security protection available. Whatever the scope, scale or sensitivity of our clients' work, we'll assess their risks, resolve their vulnerabilities and always keep them ahead of the threat, offering them the best possible products and solutions.
As the Head of Product Security you will:
- Build from the ground up an industry-leading Product Security function for our Secure Communications team, leading its overall vision, management and technical operation. This includes creating the policies, procedures and guidelines for how security is integrated into the development lifecycle of key DarkMatter products.
- Take the output of a recent Synopsys BSIMM review and help the organization address the findings and help reach a very high level of Software Security maturity.
- Implement security gates and processes early in the SDLC.
- Perform and review threat models, and ensure that the security requirements identified as part of these reviews are incorporated into the design phases of the applications and systems you will be responsible for.
- Perform and review the output of SAST and DAST testing and binary composition analysis tools. Ensure that any findings are addressed / tracked as per organizational guidelines.
- Identify security champions within all development teams and create the security champion programme.
- Create or oversee the creation of re-usable code components/libraries which are validated secure for core functionality relating to authentication/authorization and privileged operations.
- Identify suitable training for product development teams for defensive code practices. Monitor the output of training and the measurable improvements in code quality over time.
- Interface between Engineering and external teams to ensure security validation of the products.
- Maintain security assurance reports and documentation
- Train Engineering team on security assurance
- Ensure compliance with internal and external governance and audit requirements
- 10-15 years of demonstrable experience with in-depth / expert-level knowledge of application security concepts, ideally gained through a career as an application security tester
- Familiarity with OWASP OpenSAMM/Synopsys BSIMM
- Familiarity with DevSecOps, automation, incorporating security tooling early in the SDLC.
- Familiarity with Threat Modelling of enterprise and mobile applications. Creation of use cases and abuse cases, identifying security requirements.
- Familiarity with Mobile Security as it pertains to iOS and Android. Mobile security testing experience is a big plus.
- Evidence of thought leadership in Application/Product security through blogs or conference presentations is considered a big plus.
- Must come from a development background or know how to code (self-taught included). There will be extensive interactions with development teams on a day-to-day basis, and being able to gain their respect is key to success in the role.
Working in Abu Dhabi
At DarkMatter, we're turning our biggest ideas into reality in the fastest moving and most dynamic city on the planet. Working here, you'll lead technical innovation in the region while taking advantage of all Abu Dhabi has to offer. From first class healthcare and education, to superior living accommodations and cultural attractions, you'll find your ideal career and more in this global crossroads. The UAE is one of the safest and most secure areas in the world. And with its location between Europe, Africa and Asia, you'll expand your worldview in just a short flight. But you won't have to venture far from the city to experience its diversity. You'll find people of over 50 nationalities working in the DarkMatter Group. Join us and see that while far away from the concrete tech jungle, Abu Dhabi is an oasis where your latest innovations will thrive and grow.
About the Company
DarkMatter is transforming the cyber security landscape. Headquartered in the UAE and operating globally, we're the region's first and only fully integrated digital defence and cyber security consultancy and implementation firm. Our elite team of global experts deliver advanced, next-generation solutions to governments and enterprises across the cyber security spectrum.
We help clients simplify the enormous complexity of today's ever-evolving cyber threats. Our vision is to protect the future by securing its technologies. Innovation and Research are cornerstones to our development and the activities in these areas underpin our entire range of offerings, including Secure Communications, Public Key Infrastructure and Big Data & Analytics products.