At Emirates, we believe in connecting the world, to and through, our global hub in Dubai; and in constantly innovating to ensure our customers ‘Fly Better’.
Emirates Group IT thrives on the dynamic nature of technology. Being pioneers in aviation innovation, we're always at the forefront, pushing boundaries. We're on the lookout for exceptional IT professionals to fortify our position as leaders in the industry. Embark on a journey with the world’s largest international airline and become a vital part of our cutting-edge information and technology team as Senior Cyber Assurance Analyst.
Join our CyberSecurity team where weensure a world class CyberSecurity organisation based on the key principles of People, Process and Technology underpinned with executive endorsement of a multi-year strategy to continuously improve and develop.The team protects our digital assets by monitoring for threats, responding to incidents, managing vulnerabilities, and ensuring compliance with security policies and regulations. If you are passionate about CyberSecurity, we invite you to apply to play a crucial role in shaping the future of our technology initiatives at Emirates Group.
As a Senior Cyber Assurance Analyst in our Our cyber security team in Dubai, you will be expected to develop, implement, lead and continuously improve the security verification and testing processes consisting of but not limited to risk assessments, compliance reviews, vulnerability assessments and penetration tests based on industry best practices and as defined by the assurance. In addition to that ,you will collaborate with the team in developing the assurance program on an ongoing basis to incorporate industry best practices, offensive and defensive attack techniques.
In this role you will:
- Represent Cybersecurity assurance capabilities within the agile process as well as drive Cybersecurity best practices across the Emirates Group by executing in-depth automated and manual discovery of security vulnerabilities in web applications, mobile applications, web services and client server application and associated infrastructure
- Research, recommend and implement formal methodologies and tools for conducting technical Cyber security risk assessments, reviews, and investigations. Perform impact analysis to achieve the security-by-design objective.
- Monitor and continuously review the Emirates systems on an on-going basis, in compliance with the Emirates Group's Cybersecurity Policies, Principles and Standards. Initiate corrective actions in the event of any violations to aid effective risk-based decision making supported with data.
- Plan and schedule regular vulnerability assessments, penetration tests, technical risk assessments and compliance reviews on the Group's Key IT infrastructure components and applications based on the criticality and perceived risk of the applications/services.
- Ensure all the identified security weaknesses and risks are managed through their life cycle via product backlogs to ensure developments teams have a clear prioritization or can triage issues on a timely basis by providing knowledge transfer to the agile teams using meetings, walkthroughs, technical discussions, etc.
- Develop documentation and a knowledge base to be used by developers for implementing Secure coding practices & provide recommendations for missing application & infrastructure security controls to facilitate secure-by-design culture.
- Provide necessary knowledge transfer of the vulnerabilities found during the assessments to the software engineering teams by means of meetings, walkthroughs, technical discussions etc. for implementing appropriate security fixes.
- Collaborate with development teams on improving security by offering design reviews, threat modelling, awareness, training, new tooling and expert review
- Create tools, script, automation to make the vulnerability discovery and vulnerability management process more consistent, repeatable and increase efficiency.
