Assistant Manager - Application Security

Qiddiya Investment Company is looking for a highly-skilled and motivated Assistant Manager - Application Security to join our dynamic team. In this role, you will play a critical part in fortifying the security framework for our application development processes. You will work collaboratively with cross-functional teams to embed security best practices across all stages of the software development lifecycle (SDLC).

Your responsibilities will include conducting comprehensive security assessments, performing vulnerability analysis, and offering guidance on secure coding practices. You will influence the culture of security within our organization, ensuring that applications are developed with a strong security mindset.

Key Responsibilities

• Assist in strategizing and executing the application security roadmap aligned with organizational objectives.
• Conduct regular security assessments and penetration testing on applications and services.
• Provide actionable guidance for developers on remediating identified vulnerabilities.
• Participate in threat modeling and risk assessment activities.
• Facilitate training sessions and workshops to promote awareness of secure coding practices.
• Stay up-to-date with the latest security trends, vulnerabilities, and industry standards.
• Collaborate with DevOps teams to integrate security tools and practices into CI/CD pipelines.
• Document and report on security metrics and the status of remediation efforts.

Requirements

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology or related discipline.
• Minimum 4 years of professional experience in application security or software development roles.
• Expertise in application security frameworks and standards (e.g., OWASP Top Ten, NIST guidelines).
• Experience with security testing tools (SAST, DAST, IAST) and vulnerability management.
• Strong understanding of programming languages, secure coding practices, and software development methodologies.
• Excellent communication skills, capable of conveying complex security concepts to non-technical stakeholders.
• Relevant certifications (e.g., CISSP, CSSLP, CEH) are a plus.

Benefits

Comprehensive benefits package