Lead Security Engineer Dubai UAE
Position: Lead Security Engineer
Date posted: 2022-04-24
Industry: other
Employment type: Full Time
Experience: 3 to 5 years
Qualification: Bachelor’s Degree holder
Salary: AED 10000 to 20000
Location: Dubai, United Arab Emirates
Company: Confidential
Description:
Looking for a Lead Security Engineer for UAE & Saudi Arabia with in-depth knowledge of manual penetration testing techniques and the necessary tools, installation and configuration of security tools, incident response, and security investigations, plus experience with forensics tools. Serve as an advanced escalation point for identifying and addressing potential information security incidents. This role is also responsible for supporting architecture changes, tool deployments and management.
Operate in a hands-on role involving penetration testing and vulnerability assessment of complex applications, operating systems, wired and wireless networks, and mobile applications and devices.
- Develop and maintain security testing plans
- Automate penetration and other security testing on networks, systems and applications
- Develop meaningful metrics
- Produce actionable, threat-based, reports on security testing results
- Act as a source of direction, training, and guidance for less experienced staff
- Mentor and coach other IT security staff to provide guidance
- Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation
- Communicate security issues to a wide variety of internal and external “customers”
- Foster and maintain relationships with key stakeholders and business partners
- Manual and automated testing experience is a must.
- Web/App, Wireless, mobile, NAC, Infrastructure, network and config review experience in pen testing is a must.
Responsibilities:
- Perform formal penetration tests on web-based applications, networks, and computer systems
- Conduct physical security assessments of servers, systems, and network devices
- Design and create new penetration tools and tests
- Specific tools: Nessus, Burp at a minimum.
- Probe for vulnerabilities in web applications, fat/thin client applications, and standard applications
- Pinpoint methods that attackers could use to exploit weaknesses and logic flaws
- Employ social engineering to uncover security holes
- Incorporate business considerations (e.g. loss of earnings due to downtime, cost of engagement, etc.) into security strategies
- Research, document, discuss and present security findings with the customer.
- Review and define requirements for information security solutions
- Provide feedback and verification as an organization fixes security issues.
- Demonstrated experience developing and reviewing malicious use cases/threat models
- Good understanding of Content Security Policy, security-related headers, and exploitation of Reflected Cross-Site Scripting, Server-Side Request Forgery and Stored Cross-Site Scripting
- Knowledge and understanding of information security industry standards and government regulations in the country.
- Deploy and learn new security tools to help customers secure environments