Security Specialist (Application & Compliances)

zyp , a dynamic software development company, is seeking a highly talented and seasoned Security Specialist (Appication and Compliances) based in Pakistan having a minimum of 5+ years of experience. As a Security Specialist, your primary responsibility will be to ensure the security and compliance of application software and systems. You will assess, design and implement security controls to protect application assets, data, and functionalities, while ensuring adherence to relevant regulatory requirements and industry standards. Core Responsibilities:

• Conduct comprehensive security assessments of application software, architectures, and designs to identify vulnerabilities, weaknesses and security gaps.
• Design and implement security controls, mechanisms, and countermeasures to mitigate identified risks and threats, including input validation, authentication, authorization, encryption and logging.
• Perform code reviews, static and dynamic analysis and security testing (e.g., penetration testing, fuzz testing) to identify and remediate security vulnerabilities in application code and configurations.
• Ensure compliance with relevant regulatory requirements, industry standards and best practices for application security, data privacy and information security management (e.g., GDPR, PCI DSS, HIPAA).
• Develop and maintain security policies, procedures and documentation to demonstrate compliance with legal and regulatory mandates and facilitate security audits and assessments.
• Coordinate and support internal and external audits, assessments, and certifications related to application security and compliance, including preparation, response and remediation efforts.
• Monitor application security events, alerts and logs for signs of unauthorized access, suspicious activities or security breaches.
• Develop and implement incident response plans, procedures and playbooks to facilitate timely detection, containment and resolution of security incidents and breaches.
• Establish and maintain security governance frameworks, standards and metrics to measure, monitor and report on the effectiveness of application security controls and compliance efforts.

• Bachelor's or Master's degree in Computer Science, Information Security, or related field.
• Minimum 5 years of experience in application security roles, with a focus on designing, implementing, and managing security controls for web applications, mobile apps and cloud-based services.
• Proficiency in application security assessment tools and techniques, including static and dynamic analysis, vulnerability scanning and penetration testing tools.
• Strong understanding of secure coding practices, web application frameworks (e.g., Angular, React, Node.js) and programming languages (e.g., Java, Python, JavaScript).
• Familiarity with security standards and frameworks as well as relevant regulatory requirements (e.g., GDPR, PCI DSS, HIPAA).
• Excellent analytical and problem-solving skills, with the ability to assess complex application security risks, identify root causes and recommend effective mitigation strategies.
• Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams, articulate technical concepts to non-technical stakeholders.

• Bachelor's (Preferred)

• Application Security roles: 5 years (Required)

• English (Required)