– Threat modelling and Risk assessment of new development/purchase, existing applications, and project changes.
– Link enterprise security threat modelling results to application security domain and take corrective/preventive actions.
– Define and implement security guidelines for application and database development (secure SDLC, secure coding practices, etc.) based on vendor (Microsoft/Oracle), independent organization (OWASP), benchmark (CIS), and CERT guidelines.
– Work closely with Application development team providing support through their development lifecycle.
– Coordinate with application development vendors to ensure 3rd-party software and development meet MOE security standards.
– Help developers code securely by implementing/managing tools at Coding, Release Management, Staging and Publishing phases.
– Efforts must be in line with MOEHE ISMS and QCERT NIA Policy.
– Review business requirements, solution and application design from application security perspective.
– Propose changes or define application security requirements. Ensure recommendations are implemented.
– Conduct dynamic and static code review of applications (developed in Java, .NET, SharePoint, jQuery, AJAX, etc.) at each stage of development. Expert user of any code review tool.
– Conduct penetration testing of applications before/after going live.
– Work with F5 security expert to design/customize security policy on ASM of F5.
– Work with SOC team to better monitor events/incidents related to application and database threats and vulnerabilities. Ensure all incidents/events related to application threats are monitored.
– Subscribe to security advisories from application technology vendors and others.
– 7+ years of relevant application security experience.
– Thorough understanding of the latest security principles, techniques, and protocols
– Detailed technical knowledge and best practices of:
permissions), familiarity with network and operating system security.
Salary & Employment Grade:
Based on relevant experience, skills and education of the candidate as per prevailing Qatar HR Law for Government Employees.
Direct line to Head of Application Section.
Dotted line to IT Security Lead.
Coordinate with Information Security Team.
- Job Location: Doha, Qatar
- Company Industry: Education, Training, and Library
- Company Type: Employer (Public Sector)
- Job Role:
- Employment Type: Full Time Employee
- Monthly Salary Range:
- Number of Vacancies:
- Job Ref.:
- Career Level: Mid Career
- Years of Experience: Min: 7
- Bachelor’s degree / higher diploma