Technical Engineer IT Security
Emirates Airlines - United Arab Emirates
Responsible for Technology Implementation and Operational Support of the relevant technology area for Production & Development including Configuration, Testing, Implementation and Support.
To support the IT Production processes governing, Incident Management, Problem management, Service Level management, Capacity management, Availability management and IT Service Continuity.
Ensure that assigned incidents are resolved within the agreed Service Levels and where applicable, workarounds are provided to minimize business impact.
Ensure that assigned problems are defined and analysis inline with the Problem Management Process. Ensure that solutions to problems meet the architectural and security standards within the technology area and impact to the business is minimized.
Act as a technical resource within projects.
Act as a technical resource to assist with Capacity Management, IT Service Continuity and Availability management.
Support the Identification of areas of improvement within relevant technology area and the implementation of appropriate Service Improvement Programmed which are initiated to improve service levels by increasing capacity, availability and IT Service Continuity.
Qualifications & Experience
Computer science or computer engineering degree preferred
3yrs+ relevant experience in the information security domain
-Software engineering experience, preferably with Java and .NET technologies
-Experience building tools and processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases.
-Expertise with browser security controls (CSP, XFO, HSTS, etc.), web application security topics such as OWASP Top 10, and authentication infrastructure (SAML, OAUTH, JWT)
-Experience in database, application, and web server security design, implementation & review
-Knowledge on infrastructure security is a plus
-Certifications (preferred / advantageous):
Offensive Security Certified Professional (OSCP)
GIAC Web Application Penetration Tester (GWAPT)
Certified Information Systems Security Professional (CISSP)