Application Security Lead

AW Rostamani Group
Dubai
Full-time
USD 200.000 - 300.000
2 weeks ago

Description

Job Purpose

The Lead Application Security professional will be responsible for the security of all software applications within the organization. This role requires deep expertise in secure software development, vulnerability management, and application security testing. The individual will work closely with development, DevOps, and IT teams to integrate security throughout the software development lifecycle (SDLC) and protect against security threats, data breaches, and other vulnerabilities.

Job Responsibilities

Application Security Strategy & Leadership
- Develop, implement, and maintain the organization's application security strategy.
- Lead the integration of security best practices into the software development lifecycle (SDLC) for both in-house and third-party applications.
- Work closely with development and IT teams to ensure application security is prioritized throughout the entire development and deployment process.

Secure Software Development & Code Reviews
- Collaborate with software development teams to implement secure coding practices and frameworks (e.g., OWASP Top 10).
- Perform regular code reviews and static/dynamic analysis of applications to identify potential security vulnerabilities and weaknesses.
- Provide guidance on secure design, coding, and testing techniques to ensure applications are built securely from the ground up.

Application Vulnerability Management
- Conduct vulnerability assessments and penetration tests of web and mobile applications, APIs, and microservices to identify security risks.
- Manage the remediation of identified vulnerabilities, working with development teams to address security gaps and validate fixes.
- Establish a process for continuous application vulnerability monitoring, using tools like SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing).

Security Testing & Penetration Testing
- Lead the implementation of security testing methodologies, including threat modeling, fuzz testing, and automated vulnerability scanning.
- Oversee third-party security testing vendors and internal teams conducting penetration tests, ensuring results are acted upon effectively.
- Continuously assess applications for new security threats and ensure they are appropriately hardened.

Application Security Tools & Technologies
- Select and manage application security tools and technologies such as Web Application Firewalls (WAFs), Runtime Application Self-Protection (RASP), and vulnerability scanning tools.
- Ensure proper integration of security tools into the continuous integration/continuous deployment (CI/CD) pipeline for DevOps and Agile environments.
- Ensure security tools are up to date and effective at protecting against modern application threats.
- Act as the primary liaison between security, development, and operations teams, ensuring strong collaboration and communication regarding application security.
- Lead and mentor a team of application security engineers, providing training and development in secure coding practices, vulnerability management, and threat modeling.
- Collaborate with DevOps teams to ensure secure CI/CD practices, promoting the principles of DevSecOps.
- Lead the response to application security incidents, ensuring that vulnerabilities are identified, analyzed, and remediated promptly.
- Coordinate with other security and IT teams during security incidents to contain and mitigate threats to applications.
- Develop post-incident review processes to continuously improve application security posture.

Application Security Training & Awareness
- Develop and deliver application security training for development teams, covering secure coding standards, common vulnerabilities (e.g., OWASP Top 10), and secure software design.
- Promote a security-first culture within the development and IT teams, encouraging proactive identification and resolution of security risks.
- Create and maintain security playbooks and guidelines for developers and DevOps teams.

Compliance & Regulatory Requirements
- Ensure application security practices comply with industry standards and regulations.
- Participate in audits and compliance reviews, ensuring that security controls and practices are aligned with regulatory requirements.
- Work with legal, compliance, and audit teams to ensure proper documentation and evidence for application security compliance.

Emerging Threats & Technology Trends
- Stay informed about the latest application security threats, vulnerabilities, and attack vectors (e.g., zero-day exploits, API attacks).
- Research and implement emerging security technologies and methodologies to protect against new and evolving threats.
- Continuously evaluate and recommend improvements to the organization's application security practices, tools, and policies.

Qualifications / Experience / Competencies

Qualifications & Certifications
- Bachelor of Engineering (Electronics) or equivalent.
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), Certified Ethical Hacker (CEH), GIAC Web Application Penetration Tester (GWAPT), or equivalent are desirable.

Skills
- In-depth knowledge of application security principles, including authentication, authorization, encryption, and secure communications.
- Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, SAST/DAST, and penetration testing tools.
- Familiarity with DevSecOps practices, integrating security into CI/CD pipelines.
- Strong problem-solving and analytical skills with the ability to think critically about security threats and solutions.
- Excellent communication skills with the ability to explain technical issues to non-technical stakeholders.
- Leadership: Strong leadership abilities with the capability to guide development and security teams toward secure application development practices.
- Risk Management: Ability to assess risks and implement mitigations for application security vulnerabilities.
- Collaboration: Strong interpersonal skills to work with cross-functional teams, including development, IT, and business stakeholders.
- Technical Expertise: Advanced knowledge of secure coding, vulnerability management, and application security testing tools and techniques.
- Communication: Ability to articulate security concepts to technical and non-technical stakeholders.

Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Consulting, Information Technology, and Management
Industries: Holding Companies, Automation Machinery Manufacturing, and IT Services and IT Consulting

Posted: 4th July 2025 8.14 pm

Application Deadline: N/A
