JOB PURPOSE:
To deploy, operate, ensure and maintain the appropriate application and software security solutions, controls and tools within the bank’s overall approved security architecture framework and according to the bank’s information security policies, procedures and guidelines.
Description
1. Monitor, define, implement and operate the enterprise application security platforms and Public Key Infrastructure (PKI), and assist in fixing the vulnerabilities/gaps identified by security scanning tools and services, in order to provide the required assurance that corporate applications and published services are up and running securely according to the bank’s information security policies.
2. Run static code scanning tools and perform manual code inspection in alignment with the IT Development team, while providing the Information Security Compliance team with a clean report to provide assurance that secure coding practices are being followed.
3. Provide the required level of support for all managed systems and applications from an application security perspective, acting as a focal point between the Information Security Compliance team and the remaining IT stakeholders for any required security assessments, in order to maintain business operations and security controls according to the approved service level agreement and information security standards.
4. Participate in dynamic code scanning, application security design reviews and penetration testing of internal web applications and external partner applications to mitigate the identified vulnerabilities and security defects.
5. Support the implementation and enforcement of technical security measures at the application level according to the policies, standards and patterns of Information Security, in order to be fully aligned with the corporate approved Secure Software Development Lifecycle.
6. Participate in security architecture reviews for different applications as part of the BRD, Projects and SDLC process lifecycle to ensure effective security controls over enterprise applications as well as mitigation of reported vulnerabilities as security defects.
7. Serve as a Subject Matter Expert (SME) in web application security for enterprise projects during development phases, providing security consulting and recommendations and assisting in implementing and fine-tuning the different security controls, such as the Web Application Firewall (WAF) and the Next Generation Firewalls’ (NGFW) policies and access lists, in alignment with the business applications’ functionalities.
8. Perform security functional testing as needed and validate pen-test findings, in order to provide Information Security with the required levels of assurance that identified security gaps and vulnerabilities have been mitigated as planned.
9. Ensure proper configuration and functionality of the managed solutions and coordinate with support vendors to resolve issues impacting the solutions’ availability, in order to keep the solutions in full compliance with the current environment’s architectural and incident response requirements.
10. Ensure that all implemented projects meet application security best practices and guidelines, including but not limited to integration of third-party security products within the current infrastructure, in order to ensure the solutions’ proper implementation and operation.
11. Produce regular monthly KPIs, application security reports and dashboards covering incidents identified on managed platforms, actions taken and mitigations applied, for further reporting and presentation to the respective stakeholders/committees as needed.
12. Support and assist security-related infrastructure/information security teams in the estimation of implementation project time and materials, and in the testing and evaluation of new technologies and security controls, in order to effectively optimize organization resources.
13. Provide project management support by facilitating demonstrations of vendor partner products, reviewing and co-authoring statements of work, and supporting the evaluation of product demos, in order to ensure effective engagement towards business objectives.
14. Ensure that application security tools and technologies are deployed in the current environment in line with architectural requirements, with the appropriate levels of application security controls and systems monitoring at all levels, in order to ensure effective controls according to business/compliance/regulation requirements.
Policies, Processes and Procedures
15. Follow all relevant department policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner.
Day-to-day operations
16. Follow the day-to-day operations related to own job in the IT Security, Control & Quality Assurance department to ensure continuity of work.
Compliance
17. Comply with all relevant CBE regulations, banking laws, AML regulations and internal CIB policies and code of conduct in order to maintain CIB’s sound legal position and mitigate any potential risks.
QUALIFICATIONS, EXPERIENCE, & SKILLS
Bachelor’s degree in Engineering, Computer Science or equivalent.
Senior Engineer: Minimum of 6 – 8 years of experience in IT Security and related disciplines.
Experience in the use of various commercial and open source penetration testing tools and methodologies, and in performing penetration testing of web applications and operating systems.
Experience in identifying and remediating common web application vulnerabilities such as OWASP Top 10.
Familiarity with APT attacks and kill chains.
Experience with enterprise security architecture and software such as Web Application Firewalls, Next Generation Firewalls, email sandboxing, etc.
Experience in configuring and implementing technical security solutions, application security platforms, sandboxing, and similar technologies.
Good written and verbal communication skills.
Self-motivated, problem-solving skills, detail-oriented.
Proven analytical and problem-solving abilities.
Ability to effectively prioritize and execute tasks in a high-pressure environment.
Experience working in a team-oriented, collaborative environment.
Good command of the English language.
Recommended Certifications
Microsoft Certified Systems Administrator: Security
GIAC Information Security Fundamentals
CCNP Security