KEY ACCOUNTABILITIES:
- Plan, implement, manage, monitor, and upgrade security solutions for the protection and mitigation of risk for the organization's data and business applications.
- Enhance application security framework, review existing application architecture, and continuously provide suggestions for improvement.
- Work with business and product teams to incorporate security controls during the application design phase, identifying and highlighting vulnerabilities and associated mitigations.
- Work with developers to define security checkpoints in the SDLC based on industry standards and best practices.
- Perform application security testing and code review for existing applications to identify security gaps and provide technical advisory for weaknesses and vulnerabilities identified in application code.
- Provide support on periodic internal and external security assessments and audit reviews.
- Ensure that secure coding standards are up to date in line with industry best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities.
- Develop and deliver a training program on secure coding standards for development teams within Group Technology and regional business units.
- Act as an ambassador for DP World at all times when working, promoting and demonstrating positive behaviours in harmony with DP World's Principles, values, and culture. Ensure the highest level of safety is applied in all activities, understanding and following DP World's Code of Conduct and Ethics policies.
- Perform other related duties as assigned.
QUALIFICATIONS, EXPERIENCE AND SKILLS:
Knowledge and Experience:
- Bachelor's degree in Computer Science or equivalent.
- Minimum 5 to 8 years of experience in Application Security, Cyber Security, or similar.
- Experience in application development & application security.
- Solid understanding of OWASP Top 10 vulnerability assessment and mitigation.
- Excellent understanding and knowledge of common industry cyber security frameworks, standards, and methodologies, including OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS, and NIST standards.
- Knowledge of web-related technologies (Web applications, Web Services, and Service-Oriented Architectures) and mobile application security experience.
- Industry-recognized cyber security-related certifications are preferred, including: CEH, EnCE, SANS, CISSP, CISM, CRISC, and/or CISA.
- Knowledge of network/web-related protocols is an advantage.
- Knowledge of OAuth2, SAML, OpenID is an advantage.
- Good understanding of e-commerce, logistics, supply chain, and port operations applications will be an added advantage.
- Experience working with Multinational Companies (MNC) is preferable.
Soft Skills:
- Excellent analytical skills.
- Excellent verbal and written communication.
- Program and project management skills.
- Time management skills.
- Team player and conflict management skills.
- Ability to adapt in a complex environment, a love of challenges, and the will and drive to learn new things independently.
- Cultural awareness.
Technical Skills:
- OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS, and NIST standards.
- OWASP Top 10 vulnerability assessment and mitigation.
- Proven experience in identifying and responding to advanced attacker methodologies both within the corporate environment as well as external attack infrastructures, ideally with offensive experience and/or deception environment development (e.g., tripwire systems, honeypots, honey-token/accounts) using open source, vendor-purchased, and bespoke/in-house developed solutions.
- Expertise in Microsoft Word, Excel & PowerPoint.