CYBERSECURITY ASSURANCE OFFICER

Job Purpose: Job Purpose Execute and continuously refine the security
verification processes define by the assurance program consisting of risk
assessments, vulnerability assessments and penetration tests based on industry
best practices. Also, assist in evolving the assurance program on an ongoing
basis to incorporate industry best practices, offensive and defensive attack
techniques. Job Accountabilities Linked to Objective Areas (Maximum of ‎10) -
Execute in-depth automated and manual discovery of security vulnerabilities in
web applications, mobile applications, web services and client server
application and associated infrastructure - Execute a thorough verification of
the vulnerabilities found during the assessment and associated risk as per
risk assessment framework - Provide necessary knowledge transfer of the
vulnerabilities found during the assessments to the software engineering teams
by means of meetings, walkthroughs, technical discussions etc. for
implementing appropriate security fixes. - Ability to help development teams
build defense in depth controls in web & mobile applications. - Track all the
identified security weaknesses and risks through their life-cycle from
identification to resolution to verification and closure through the
Information Security Risk Tracking system. - Skills to participate in red
teaming complex environments with up to date knowledge on exploitation and
helping blue team to build use cases for stronger defense. - Participate in
evolving the assurance program on an ongoing basis to incorporate industry
best practices, offensive and defensive attack techniques - Collaborate with
software engineering teams to ensure a better understanding of the business
and have to get more context for each assessment that needs to be carried out.
- Collaborate with application development teams on improving security by
offering design reviews, threat modelling, awareness, training, new tooling
and expert review
Qualifications & Experience: Minimum
Qualifications/Experience/Knowledge/Skills Qualifications: Degree or honours
(‎12+‎3 equivalent) Candidate with Computer Science or Computer Engineering
preferred Experience: ‎6+ years of relevant experience in the information
security domain Knowledge/Skill Set: ‎1. Certifications: ‎2. Offensive Security
Certified Professional (OSCP) - Preferred ‎3. GIAC Web Application Penetration
Tester (GWAPT) - Preferred ‎4. Certified Information Systems Security
Professional (CISSP) - Preferred ‎5. Software engineering experience preferably
with Java and .NET technologies. ‎6. Experience building tools and processes to
reliably identify security issues such as SQLi, XSS, CSRF, and business logic
flaws across large code bases. ‎7. Expertise with browser security controls
(CSP, XFO, HSTS, etc.), web application security topics such as OWASP Top ‎10,
and authentication infrastructure (SAML, OAUTH, JWT). ‎8. Experience in
database, application, and web server security design, implementation &
review. ‎9. Knowledge on Infrastructure Security is a plus. Critical Competency
(Minimum ‎3/Recommended ‎6) ‎0. Delivery Individual Specialist ‎1. Drive
Individual Specialist ‎2. Business Thinking Individual Specialist ‎3.
Collaboration Individual Specialist ‎4. Engaging Others Individual Specialist
Salary & Benefits: Join us in Dubai and enjoy an attractive tax-free salary
and travel benefits that are exclusive to our industry, including discounts on
flights and hotels stays around the world. You can find out more information
about our employee benefits in the Working Here section of our website
www.emirates.com/careers. Further information on what's it like to live and
work in our cosmopolitan home city, can be found in the Dubai Lifestyle
section.