IT Security – Application Security Officer

Key accountabilities:

  • Provide support on infrastructure-related security topics and ensure the reliability of local entities' feedback by performing security assurance testing
  • Enforce application security initiative and implement security in Project Development Life Cycle (which includes Software Development Life Cycle)
  • Monitor and validate progress on the remediation implemented to address outstanding issues/vulnerabilities
  • Manage internal and external VAPT engagements conducted by an external vendor and ensure closure of audit findings
  • Review the results and methodology of vulnerability scans and penetration tests conducted by the vendor
  • Perform manual or automated tests to validate remediation
  • Perform technical and security reviews on servers, network devices, and applications
  • Work with internal teams to resolve security findings
  • Take the corrective action needed to meet the standards required by security policy, procedures, network architectures and software design
  • Ensure a seamless remediation response to the needs of business units, IT managers, and local and Group security managers
  • Promote the security awareness program on secure coding and the systems development life cycle
  • Review vulnerabilities and threats of applications and software before installation
  • Other tasks or duties that may be assigned in line with the Information Security Program

Essential Skills:

  • University degree in Computer Science or related fields.
  • Expert knowledge of software designs and how to secure them
  • Expertise in analyzing and securing web and application designs
  • Expert in security assurance testing (application security, vulnerability management, and penetration testing)
  • Expertise in data encryption: storage, transfer via a network; and application-level authentication
  • Knowledgeable in Qualys and Xray scans
  • Knowledgeable in the OWASP Top 10
  • Ability to audit vulnerabilities and mitigate risks
  • Expertise in managing and protecting systems against threats
  • Knowledge of ISO standards 27001/27002 is a plus
  • CISSP, CISA, CEH, GCIH or GPEN certification would be a plus
  • A minimum of three years of experience in the field of Information Security, Technology Risk, or IT Audit.
  • Understand technologies and issues on systems reliability, security, and disaster recovery.
  • Able to develop a clear understanding of clients' and customers' technology needs.
  • Understand the linkage between information technology and business value.
  • Conversant and knowledgeable on the latest technology innovations and possibilities, understanding how key technologies can help address security issues.
  • Excellent project management skills and a strong ability to prioritize to achieve target dates.
  • Knowledgeable in VAPT tools
  • Possesses excellent verbal and written communication and presentation skills in English.

To apply for this job email your details to