About the job
- Develop, implement, lead, and continuously improve the security verification and testing processes
- Collaborate with the team to develop the assurance program incorporating industry best practices
- Represent cybersecurity assurance capabilities within the agile process
- Research, recommend, and implement formal methodologies and tools for conducting technical cybersecurity risk assessments
Description
At Emirates, we believe in connecting the world, to and through, our global hub in Dubai and in constantly innovating to ensure our customers ‘Fly Better’. Our Cyber Team are looking for an experienced Senior Security Assurance Engineer to join their team. Job Purpose: Develop, implement, lead, and continuously improve the security verification and testing processes consisting of but not limited to risk assessments, compliance reviews, vulnerability assessments, and penetration tests based on industry best practices and as defined by the assurance. Collaborate with the team in developing the assurance program on an ongoing basis to incorporate industry best practices and offensive and defensive attack techniques.
What you will do:
- Represent cybersecurity assurance capabilities within the agile process as well as drive Cybersecurity best practices across the Emirates Group by executing in-depth automated and manual discovery of security vulnerabilities in web applications, mobile applications, web services, and client-server applications and associated infrastructure.
- Research, recommend, and implement formal methodologies and tools for conducting technical cybersecurity risk assessments, reviews, and investigations. Perform impact analysis to achieve the security-by-design objective.
- Monitor and continuously review the Emirates Group systems on an ongoing basis, in compliance with the Emirates Group Cybersecurity Policies, principles, and standards. Initiate corrective actions in the event of any violations to aid effective risk-based decision-making supported with data.
- Plan and schedule regular vulnerability assessments, penetration tests, technical risk assessments, and compliance reviews on the Groups key IT infrastructure components and applications based on the criticality and perceived risk of the applications/services.
- Ensure all the identified security weaknesses and risks are managed through their life cycle via product backlogs to ensure development teams have a clear prioritization or can triage issues on a timely basis by providing knowledge transfer to the agile teams using meetings, walkthroughs, technical discussions, etc.
- Develop documentation and a knowledge base to be used by developers for implementing secure coding practices and provide recommendations for missing application and infrastructure security controls to facilitate a secure design culture.
- Provide necessary knowledge transfer of the vulnerabilities found during the assessments to the software engineering teams using meetings, walkthroughs, technical discussions, etc. for implementing appropriate security fixes.
- Collaborate with development teams on improving security by offering design reviews, threat modeling, awareness, training, new tooling, and expert review.
- Create tools, scripts, and automation to make the vulnerability discovery and vulnerability management process more consistent, and repeatable and increase efficiency.
Qualifications & Experience
- Experience in IT Security: 5+ Years
- Degree or Honours (12+3 or equivalent) in Information Technology
- Experienced in offensive security methodologies, tools, and frameworks like C2, Antivirus evasion, defense evasion techniques, threat emulation frameworks etc.
- Strong understanding of network protocols, system architectures, and security technologies
- Demonstrated proficiency in social engineering techniques and assessing organizational resilience
- In-depth knowledge of threat intelligence and understanding of threat actors; and tactics
- Experience in handling security incidents and incident response procedures
- Proficiency in scripting and programming languages for task automation and customization like Python, go, bash etc.
- Extensive experience in technical risk assessments and providing risk mitigation recommendations
- Relevant certifications such as OSCP, OSEP, CRTP, CRTE, or similar industry-recognized credentials
- Proficiency in using Splunk and building detections
Salary & Benefits
Join us in Dubai and enjoy an attractive tax-free salary and travel benefits that are exclusive to our industry, including discounts on flights and hotel stays around the world. You can find out more information about our employee benefits in the Working Here section of our website www.emirates.com/careers. Further information on what’s it like to live and work in our cosmopolitan home city can be found in the Dubai Lifestyle section.
