Senior CyberSecurity Assurance Services Analyst

At the company, we believe in connecting the world, to and through, our global hub in Dubai; and in constantly innovating to ensure our customers ‘Fly Better’. The company Group IT thrives on the dynamic nature of technology. Being pioneers in aviation innovation, we're always at the forefront, pushing boundaries. Join our CyberSecurity team where we ensure a world-class CyberSecurity organisation based on the key principles of People, Process, and Technology. The team protects our digital assets by monitoring for threats, responding to incidents, managing vulnerabilities, and ensuring compliance with security policies and regulations.

As a Senior CyberSecurity Assurance Services Analyst, you will provide subject matter expertise across secure software development, security architecture governance, and cybersecurity metrics and data analytics for the company Group. Drive the integration of secure coding practices, the validation and evolution of security architecture patterns, and the delivery of actionable security metrics to proactively strengthen the Group's security posture. Collaborate with cross-functional and portfolio assurance teams to ensure policy and standards compliance, foster innovation, and enable informed, data-driven decision-making to mitigate risk and enhance organisational resilience.

Responsibilities

• Lead the planning, execution, and continuous improvement of cybersecurity assurance services initiatives by setting clear objectives, aligning activities with organisational goals, and ensuring best practices are embedded across secure coding, architecture governance, and metrics-driven risk management.
• Oversee and facilitate cross-functional collaboration by engaging with IT, development, portfolio assurance, and governance teams. Assist in embedding robust security controls, policies, and standards into all phases of the technology lifecycle, ensuring seamless integration and consistent service across the enterprise.
• Champion the adoption and optimisation of advanced security tools, automation, and analytics by evaluating emerging technologies, streamlining workflows, and implementing scalable solutions.
• Mentor and coach technical teams by providing expert guidance, delivering targeted training, and fostering a culture of excellence, accountability, and continuous learning across coding, architecture, and metrics domains.
• Drive risk identification, escalation, and mitigation efforts by leveraging threat intelligence, governance frameworks, and data-driven insights. Proactively inform strategic decisions, prioritise remediation activities, and ensure organisational resilience against evolving cyber threats.
• Govern the review, approval, and validation of security architecture designs for new and existing solutions. Ensure strict adherence to the company's approved security patterns, frameworks, and risk appetite.
• Lead the evaluation, evolution, and creation of security architectural patterns by collaborating with solution specialists, architects, and technical teams.
• Provide expert guidance and actionable feedback to stakeholders on the implementation of secure architectures.

Requirements

• Degree or Honours (12+3 or equivalent) in Cybersecurity, Computer Science, Engineering, or a related IT Security discipline.
• 5+ years in Information Technology and IT security, including hands-on Cybersecurity Data Analytics experience.
• Relevant credentials such as CISSP, CISM, OSCP, CISSP-ISSAP, SABSA, TOGAF, ISO 27001 Lead Auditor, or Data Analytics certifications.
• Strong hands-on experience in cloud, web application, and infrastructure penetration testing (VAPT), with proven ability to identify and exploit complex vulnerabilities.
• Deep knowledge of cloud security testing techniques, including IAM privilege escalation, insecure configurations, exposed services, and multi-stage attack paths in cloud environments.
• Advanced expertise in web application security testing, aligned with OWASP Top 10 and modern application architectures (APIs, microservices, authentication flows).
• Practical experience in network and infrastructure penetration testing, including Active Directory attacks, credential harvesting, lateral movement, and post-exploitation techniques.
• Demonstrated ability to translate technical findings into risk-based insights, prioritising vulnerabilities based on business impact, exploitability, and threat context.
• Experience in integrating penetration testing into CI/CD, secure development lifecycle (SDLC), and assurance processes, enabling shift-left security and continuous validation.

Leadership Role
Yes

Salary & Benefits
Join us in Dubai and enjoy an attractive tax-free salary and travel benefits that are exclusive to our industry, including discounts on flights and hotel stays around the world.