Cyber Security Consultant

We are seeking a highly skilled and experienced Cyber Security Consultant to lead and support enterprise application security initiatives. The ideal candidate will possess strong expertise in Application Security, DevSecOps, Vulnerability Assessment, Penetration Testing, Threat Modelling, and Security Architecture Review across enterprise environments. The role requires close collaboration with development, infrastructure, architecture, and business teams to ensure security is embedded throughout the Software Development Lifecycle (SDLC) while maintaining compliance with industry standards and regulatory requirements.

Key Responsibilities:

• Application Security:

  • Conduct Security Architecture Reviews (SAR) and secure design assessments for enterprise applications.
  • Perform Threat Modelling exercises using industry methodologies such as STRIDE.
  • Execute Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
  • Conduct Vulnerability Assessment and Penetration Testing (VAPT) for web, mobile, and enterprise applications.
  • Identify application vulnerabilities and provide remediation recommendations.

• DevSecOps & Secure SDLC:

  • Integrate security controls and tools into CI/CD pipelines.
  • Implement DevSecOps best practices across development environments.
  • Support secure coding initiatives and promote security-by-design principles.
  • Collaborate with development teams to remediate security findings effectively.

• Risk Management & Compliance:

  • Perform security risk assessments for applications, systems, and infrastructure.
  • Maintain risk registers and track remediation progress.
  • Ensure compliance with security standards and frameworks such as OWASP, NIST, PCI-DSS, ISO 27001, GDPR, and NESAS.

• Security Operations & Governance:

  • Support internal and external security audits.
  • Develop security assessment reports and technical documentation.
  • Participate in security reviews, governance meetings, and compliance initiatives.
  • Monitor project risks, vulnerabilities, and remediation timelines.

• Stakeholder Collaboration:

  • Work closely with developers, architects, project managers, and business stakeholders.
  • Conduct security awareness and secure coding training sessions.
  • Provide technical guidance on application security and secure architecture.

Qualifications:

• Experience Required: 8+ Years

• Education: Bachelor’s degree in computer science, Information Security, Engineering, or related field.

• Certifications (preferred): CEH, ISO 27001, OSCP, Security+, Azure/AWS Security Certifications.

• Core Skills:

  • Application Security
  • DevSecOps
  • Threat Modelling
  • Security Architecture Review
  • Vulnerability Assessment & Penetration Testing
  • Secure SDLC
  • Risk Assessment & Risk Management

• Security Tools: Experience with one or more of the following - Burp Suite, Veracode, AppScan, Nessus, Fortify, Nmap, SCA Tools, CI/CD Security Tools.

• Technologies: Web Applications, Mobile Applications, APIs, Cloud Security Fundamentals, CI/CD Platforms.

Soft Skills:

• Strong analytical and problem-solving abilities.
• Excellent communication and stakeholder management skills.
• Ability to work independently and manage multiple projects.
• Strong documentation and reporting skills.
• Leadership and mentoring capabilities.

Language Requirements: Not specified.

Location: Dubai, United Arab Emirates

Work Conditions: On-site, Full-time.