Application Security (Onsite as a service) to support QFZ
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
malomatia is seeking an Application Security Specialist to join its Cybersecurity Practice, responsible for penetration testing, security scanning, threat modeling, secure code review, and DevSecOps integration.
Key Skills for This Role
Responsibilities
- Conduct penetration tests on web applications, mobile applications, APIs, and thick client applications.
- Implement, tune, and manage automated security scanning tools (SAST, DAST, SCA).
- Perform threat modelling to identify potential security risks early in the design process.
- Review application source code for security vulnerabilities and provide remediation recommendations.
- Integrate security testing and controls into CI/CD pipelines.
- Develop and deliver secure coding training sessions and workshops.
- Assess and recommend tools and technologies for application security testing.
- Create and maintain documentation for security assessments, vulnerability management, and standards.
Requirements
- Bachelor's degree in Computer Science, Information Security, or related field
- At least 3 years of experience in application security, secure software development, penetration testing, or related field
- Proficiency with Burp Suite
- Relevant professional certifications (e.g., OSWA, OSWE, eWPT, GWAPT) are highly desirable
- Familiarity with Snyk, HCL AppScan, Fortify, Postman preferred
- Knowledge of OWASP Top 10, ASVS, MASVS, WSTG, MSTG
Full Job Posting
Job Description
- We are seeking a skilled Application Security Specialist to join our Cybersecurity Practice.
- In this role, you will work closely with our application security, development, and QA teams to secure our clients’ applications across their entire lifecycle.
- You will conduct security testing, perform penetration tests, and assess vulnerabilities across web, mobile, API applications.
Responsibilities
- Penetration Testing: Conduct penetration tests on web applications, mobile applications, APIs, and thick client applications. Prepare detailed reports with clear risk ratings and actionable remediation recommendations.
- Security Scanning: Implement, tune, and manage automated security scanning tools (SAST, DAST, SCA) to continuously identify vulnerabilities in code, configurations, and third party dependencies across all application types.
- Threat Modelling: Perform threat modelling to identify potential security risks and attack surfaces associated with applications early in the design process, and provide guidance on mitigating these risks.
- Secure Code Review: Review application source code for security vulnerabilities across multiple platforms and languages, and offer practical, developer friendly recommendations for remediation.
- DevSecOps Integration: Integrate security testing and controls into CI/CD pipelines, enabling continuous and automated security validation as part of the development workflow.
- Training & Awareness: Develop and deliver secure coding training sessions and workshops to raise application security awareness among development teams and other stakeholders.
- Tool Evaluation: Assess and recommend tools and technologies to enhance application security testing and monitoring capabilities across various platforms.
- Documentation: Create and maintain comprehensive documentation related to security assessments, vulnerability management, and application security standards and policies.
Qualifications
- Education: Bachelor’s / college degree in Computer Science, Information Security, or a related field.
- Experience: At least 3 years of experience in application security, secure software development, penetration testing, or a closely related field.
- Certifications: Relevant professional certifications are highly desirable. These may include, but are not limited to: OffSec certifications (e.g., OSWA, OSWE), eLearnSecurity (e.g., eWPT, eWPTX), GIAC / SANS (e.g., SEC542, GWAPT), BCSP or other application security certifications.
- Technical Skills: Proficiency with security testing tools such as Burp Suite (required), and familiarity with Snyk, HCL AppScan, Fortify, and Postman (preferred). Strong understanding of secure coding practices and hands on experience with at least one programming language. Familiarity with DevSecOp
- Knowledge: In depth knowledge of application security principles and practices, with strong familiarity with security frameworks and guidelines (e.g., OWASP Top 10, ASVS, MASVS, WSTG, MSTG). Understanding of common vulnerability classes, exploitation techniques, and remediation strategies. Knowledge
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at malomatia
Security Engineer Implementor (Cloud)
Doha, QAT
malomatia seeks an experienced Microsoft Security Consultant to join its Cybersecurity Practice in Doha. The role involves designing, implementing, and operating security controls across the Microsoft security stack for
Senior Cybersecurity Consultant (Onsite)
Doha, QAT
Malomatia seeks a Senior Cybersecurity Consultant to join its Cybersecurity Practice as an Incident Handler in Doha. The role involves leading incident detection, investigation, containment, and recovery across enterpris
IT Security Governance Officer
Doha, QAT
malomatia seeks an IT Security Governance Officer to develop, implement, and maintain government-aligned information security policies, standards, and procedures in Doha. The role ensures compliance with national cyberse
IT Network Engineer
Doha, QAT
malomatia is hiring an IT Network Engineer to design, implement, and support LAN/WAN infrastructure, ensuring secure and reliable network connectivity. The role requires 7+ years of experience and certifications such as
IT Security Specialist
Doha, QAT
malomatia is seeking an IT Security Specialist to implement security policies, manage security devices, monitor networks, and respond to incidents. Requires a Bachelor's degree in computer engineering, CISSP/CISM/CEH cer
Engineer - Filenet System
Doha, QAT
malomatia seeks a highly skilled FileNet System Engineer to provide technical leadership for IBM FileNet P8 solutions, including implementation, support, and optimization. The role requires 5+ years of hands-on FileNet e
Business Analyst / QA Consultant - Core Banking - Finastra EQUATION
Doha, QAT
Malomatia seeks a Business Analyst Consultant with 5+ years of continuous experience in Finastra EQUATION Core Banking System. You will gather requirements, prepare functional specifications, perform business process ana
Portfolio Manager – Strategic Programs (Qatari National)
Doha, QAT
malomatia is seeking a Portfolio Manager to oversee large, complex strategic programs, ensuring timely execution and regulatory compliance. The role requires close engagement with senior government stakeholders to align
Security Engineer Implementor (Cloud)
Doha, QAT
Senior Cybersecurity Consultant (Onsite)
Doha, QAT
IT Security Governance Officer
Doha, QAT
IT Network Engineer
Doha, QAT
IT Security Specialist
Doha, QAT
Engineer - Filenet System
Doha, QAT
Business Analyst / QA Consultant - Core Banking - Finastra EQUATION
Doha, QAT
Portfolio Manager – Strategic Programs (Qatari National)
Doha, QAT