Senior Security Assurance Analyst Emirates Airlines Dubai

Full time
United Arab Emirates, Dubai, UAE View on Map
@Emirates Airlines posted 1 year ago
Posted : February 19, 2024 -Accepting applications
Salary: د.إ15,000.0 - د.إ30,000.0 / Monthly
View(s) 253

Job Detail

Job ID 8492
Career Level Senior
Experience 2 Years
Gender Male Female

Job Description

Emirates Airlines is presently accepting applications from suitable candidate for the job role of Senior Security Assurance Analyst in Dubai. The selected candidate will be responsible for overseeing and implementing a comprehensive security framework within the organization. Candidates desirous for this role should submit their resume to begin with the application process.

Responsibilities of Senior Security Assurance Analyst

Represent Cybersecurity assurance capabilities within the agile process as well as drive Cybersecurity best practices across the Emirates Group by executing in-depth automated and manual discovery of security vulnerabilities in web applications, mobile applications, web services and client server application and associated infrastructure
Research, recommend and implement formal methodologies and tools for conducting technical Cyber security risk assessments, reviews and investigations.
Perform impact analysis to achieve the security-by-design objective.
Monitor and continuously review the Emirates systems on an on-going basis, in compliance with the Emirates Group’s Cybersecurity Policies, Principles and Standards.
Initiate corrective actions in the event of any violations to aid effective risk-based decision making supported with data.
Plan and schedule regular vulnerability assessments, penetration tests, technical risk assessments and compliance reviews on the Group’s Key IT infrastructure components and applications based on the criticality and perceived risk of the applications/services.
Ensure all the identified security weaknesses and risks are managed through their life cycle via product backlogs to ensure developments teams have a clear prioritization or can triage issues on a timely basis by providing knowledge transfer to the agile teams using meetings, walkthroughs, technical discussions, etc.
Develop documentation and a knowledge base to be used by developers for implementing Secure coding practices & provide recommendations for missing application & infrastructure security controls to facilitate secure-by-design culture.
Provide necessary knowledge transfer of the vulnerabilities found during the assessments to the software engineering teams by means of meetings, walkthroughs, technical discussions etc. for implementing appropriate security fixes.
Collaborate with development teams on improving security by offering design reviews, threat modelling, awareness, training, new tooling and expert review
Create tools, script, automation to make the vulnerability discovery and vulnerability management process more consistent, repeatable and increase efficiency.

Requirements for Role of Senior Security Assurance Analyst

Degree in IT or equivalent.
An information security related industry recognized certification such as CISSP, CISA, CISM, GIAC certification, CEH etc.
Offensive Security Certified Professional (OSCP)
GIAC Web Application Penetration Tester (GWAPT)
Certified Information Systems Security Professional (CISSP)
2+ years of experience in cybersecurity or information security roles, with a focus on security assurance.
Experience in reviewing source code for varied programming languages.
Experience building tools and automation to discover vulnerabilities at scale.

Skills And Knowledge Desired

Strong fundamentals of OS, Network and Programming Concepts.
Deep technical knowledge of OWASP TOP 10 issues for both application & mobile.
Deep technical knowledge of network and infrastructure security testing.
Technical aptitude to test web services, API’s, business logic issues, cloud specific issues etc.
Develop high quality proof of concepts for vulnerabilities identified.
Adaptive to newer attack vectors & technologies and its applicability.
Proficient in using & implementing open source and commercial tools for application, mobile & thick client security testing.
Deep technical knowledge of browser security controls such SOP, CSP, XFO, HSTS, etc.
Knowledge of reviewing mobile & web-based security design, implementation & review.
Knowledge of industry standard authentication and authorization mechanism, Dockers, Kubernetes,
Excellent interpersonal & communication skill.