malomatia

Application Security Specialist

Doha, Doha Municipality, Qatar · Full-time

Experience: 3+ yrs
Salary:
Openings: 1
Posted: 1 hour ago
Work mode: On-site
Education: Bachelor’s degree in Computer Science, Information Security, or related field
Resume: Required to apply

Job Description

Role Overview

We are looking for an Application Security Specialist who can help protect applications throughout the entire development and release cycle. In this role, you will partner with development, DevOps, and QA teams to build security into web, mobile, API, and thick-client applications from the start.

The position centers on finding security weaknesses, running testing activities, promoting secure development habits, and embedding security checks into CI/CD workflows through a DevSecOps mindset.

Key Responsibilities

  • Test web, mobile, API, and thick-client applications for security issues using penetration testing methods.
  • Use automated tools and techniques such as SAST, DAST, and SCA to uncover flaws in code, configurations, and third-party dependencies.
  • Conduct threat modeling during the design stage to spot potential risks and define practical mitigation steps.
  • Review source code from a security perspective and give developers clear, actionable remediation advice.
  • Build security controls into CI/CD pipelines to support DevSecOps delivery.
  • Create and run secure coding training sessions and awareness programs for development teams.
  • Assess application security products and recommend suitable tools and technologies.
  • Document assessment results, vulnerabilities, and application security standards in a clear and maintainable way.

Requirements

  • At least 3 years of experience in application security, secure software development, or penetration testing.
  • Practical, hands-on experience testing web, mobile, API, and other application types.
  • Strong working knowledge of Burp Suite, which is required, plus familiarity with tools such as Snyk, HCL AppScan, Fortify, and Postman.
  • Solid understanding of secure coding principles and proficiency in at least one programming language.
  • Experience working with DevSecOps processes and integrating security into CI/CD pipelines.
  • Good knowledge of OWASP Top 10, ASVS, MASVS, WSTG, and MSTG.
  • Understanding of common vulnerability categories, exploitation approaches, and remediation methods.
  • Strong analytical ability along with reporting and communication skills.
  • Bachelor’s degree in Computer Science, Information Security, or a closely related discipline.

Preferred Certifications

  • OffSec certifications such as OSWA or OSWE.
  • eLearnSecurity certifications such as eWPT or eWPTX.
  • GIAC / SANS certifications such as SEC542 or GWAPT.
  • Other recognized application security certifications.

Additional Advantage

Knowledge of the Qatar National Information Assurance (NIA) framework will be considered a plus.
