Cybersecurity Engineer - Application Security

Job Description

Information Security Governance

• Working with application development and maintenance teams to ensure that the application security coverage from the requirement gathering level, SDLC, application implementation and after implementation.
• Coordinate with vendors and conduct vulnerability assessments and penetration testing for applications (web, on premises, mobile, public facing)
• Conduct security static and dynamic testing through the provided tools – before go live (new or changes)
• Coordinate with Cybersecurity Engineer – governance and risk management to maintain application security management policies/ procedures and risk management.
• Assist to develop, implement, and manage the overall application enterprise process for information security and associated architecture standards such as ISO 27001, NIA, cyber security law, privacy management law and Qatar 2022 cyber security requirement.
• Evaluate suspected security breaches and recommend corrective actions (including incidents involving outside vendors).
• Follow cyber security incident management and incident response plan
• Serve as the part of the security incident response planning and execution
• Assist Risk Management, Internal Audit and IT department in the development of appropriate criteria needed to assess the level of new/existing applications and / or technology infrastructure elements for compliance with enterprise security standards.
• Assist in the review of application and/or technology environments during the development or acquisition process to (a) assure compliance with corporate security policies and directions and (b) assist in the overall integration process regarding SJC IT’s own technology environment.
• Application layer continuity management during the crisis situations
• Evaluate information security KPIs based on the Information Security/privacy Objectives and reviewing those KPIs based on the security objective’s changes
• maintenance of Application layer to support the organization’s information security/privacy policies and procedures and ensure timely updating thereof in light of changing circumstances/ best practices/ regulatory directives.
• Work with IT Security lead to coordinate with MOI security shield and maintain the NCSOC onboarding and continuity of connectivity
• Work with IT Security lead to coordinate with MPTO team and maintain Qatar 2022 implementations based on the agreed roadmap
• Provide daily, weekly and monthly reports to Information Security Lead related environment application level changes, incidents, problems, service operation and critical area.
• Mandatory actions
• IT Security Team Meeting – Monthly Basis
• Risk register validation – monthly basis (until IT environment in stable state)
• Information Security KPI validation – Monthly, Quarterly (reporting), Bi-annual and annual
• Compliance management – NIA, Qatar 2022, NCSOC, Q-cert, ISO 27001:2013, Cyber Crime Law, Privacy Law and other applicable laws and regulations to SJC IT.

Qualifications

• Skills, Knowledge and Expected Behaviors against Values

ORGANIZATION Values

• Deep understanding and management experience of Information Security standards, processes and risk management.
• Knowledge of Department Priorities, Products, and the strategy
• knowledge information security landscape
• Maintain ISO27001:2013 certificate and other compliance requirements
• Application security knowledge
• Static and dynamic testing
• OWAPS
• Web application security
• .Net and Oracle environments
• Information security KPI validation
• Benchmarking
• Risk Management
• Maintaining Information Security Management Policies and procedure
• Knowledge of government and regulatory requirements
• Experience with Security Operations Center (SOC)
• Experience in current Security tools and solutions
• Personal information privacy management
• Act as One
• Over deliver on our promises
• Share what matters

• Always Challenge Assumptions

• Be pioneering

• SJC IT Information Security Lead

• IT Department team and heads

• IT Security Team

• Internal Auditors
• Vendors
• External Auditors
• Regulatory

Required Qualifications

• University Degree in Information Technology with Msc. in Information Security/ Cyber security from a recognized university is a plus.
• Certifications in Information security such as CISM, CISA, CRISC, CISSP, CBCP, GIAC, ISO27001LA
• Offensive security certifications CEH and CHFI is a plus

Preferred Experience

• Minimum 3 years of experience of which a minimum of 2 years should be in a similar position / responsibility.

About Us

About The Team