Senior Application Security Analyst

  • Job reference: 919803
  • Location: Saudi Arabia
  • Salary: negotiable
  • Job type: Permanent
  • Sector: Cyber Security, IT & Telecoms
  • Date posted: 28/05/2018

We are seeking a Senior Application Security Analyst to join our client's (an Oil and Gas industry major) Application Security & Vulnerability Management Division of Information Technology.

The Application Security & Vulnerability Management Division is responsible for assessing applications' security posture by identifying, reporting and tracking vulnerabilities related to the application, its source-code and underlying components. This applies to third-party and in-house developed applications.

The Senior Application Security Analyst's primary role is to perform day-to-day vulnerability assessment, analysis, reporting and tracking. The analyst will also analyze source code vulnerabilities, third-party components and the associated risk of exploitability.

Minimum requirements

As the successful candidate you will hold a Bachelor's degree in Computer Science from a recognized and approved program. An advanced degree is preferred and some experience in the Oil and Gas industry would also be preferred.

You will have seven years of experience in cybersecurity, including at least five years in application security.

  • You must have an application development background (preferably in SAP ABAP, Java and .NET technologies)
  • You will be able to demonstrate experience in static code scanning and analysis
  • In-depth knowledge of application security and application-specific vulnerabilities is a requirement
  • You must also have experience in manual source code review and analysis (in C#, Java, ABAP, JavaScript, Objective-C, Swift and others)
  • Experience in vulnerability analysis and the capability to identify false positives in static code scanning reports is also necessary
  • You are expected to be experienced with the OWASP Top 10 most critical web application security risks
  • It is preferred that you have the ability to conduct application penetration testing

Duties and responsibilities

You will be required to perform the following:

  • Perform source-code scanning using several tools including IBM AppScan Source, Virtual Forge CodeProfiler, OWASP Dependency Check and others.
  • Generate management and technical vulnerability reports and identify false positives.
  • Provide support to application developers during vulnerability remediation.
  • Research the market for scanning tools and best practices.
  • Maintain existing source code scanning solutions and their infrastructure.
  • Conduct penetration test activities to examine the vulnerability exploitability.

Please apply by sending your full CV.


Our role in supporting diversity and inclusion
As an international workforce business, we are committed to sourcing personnel that reflects the diversity and values of our client base but also that of Orion Group. We welcome the wide range of experiences and viewpoints that potential workers bring to our business and our clients, including those based on nationality, gender, culture, educational and professional backgrounds, race, ethnicity, sexual orientation, gender identity and expression, disability, and age differences, job classification and religion. In our inclusive workplace, regardless of your employment status as staff or contract, everyone is assured the right of equitable, fair and respectful treatment.