Job Description
Mannai ICT
Mannai ICT, the Information & Communication Technology Division of Mannai Corporation, is Qatar’s leading systems integrator with over 30 years serving over 5,000 clients. Mannai ICT offers end-to-end IT solutions, including networking, servers, storage, software applications, and digital transformation. As the Platinum Partner for HP in Qatar, Mannai ICT delivers cutting-edge IT infrastructure and enterprise solutions across all industries. With specialized divisions like Microsoft Solutions, InfoTech, and Office Equipment, Mannai ICT supports Qatar’s technological transformation with innovative and reliable services.
- We are seeking a skilled and experienced Cybersecurity Specialist (Application) to join our team. We are looking for candidates with a strong background in application security and a deep understanding of secure software development lifecycle (SDLC) principles. This position will be on a contractual basis for 2 to 3 years, extendable.
Key Responsibilities:
- Ensure that application security is an embedded and critical part of the software delivery lifecycle (including during the early stages of projects) regardless of delivery methodology and tool sets used (e.g., static code analysis).
- Conduct security assessments, including code reviews, and vulnerability assessments on applications and APIs.
- Conduct assessments to identify security risks in applications before they are implemented.
- Work with development teams to provide appropriate and effective remediation guidance for vulnerabilities discovered during various assessments.
- Perform application vulnerability assessments including regular scanning and coordinate with the development team to fix application vulnerabilities.
- Track, prioritize, and manage security vulnerabilities discovered during assessments and third-party scans. Coordinate with development teams for timely remediation.
- Develop and maintain threat models for applications and systems to identify potential security risks and recommend mitigations.
- Continuously improve the processes and procedures to include report exceptions/risk acceptance for further review.
- Contribute to the development of security policies and security standards.
- Analyze and specify the security requirements for secure development at all phases of SDLC.
- Ensure security and privacy requirements are met before the application development.
- Ensure application security guidelines are defined, documented, and implemented for development, testing, and deployment.
- Implement and manage security tools for static and dynamic application security testing (SAST/DAST) and continuous integration/continuous deployment (CI/CD) pipelines.
- Knowledge of Secure Development of technologies and platforms used in the application.
- Regular Application Security testing and consistently ensure that appropriate security measures have been added.
- Provide training and guidance to development teams on secure coding practices, threat awareness, and emerging security trends.
- Experience with DevSecOps practices and integrating security into DevOps pipelines.
- Familiarity with container security and cloud security best practices.
- Experience in managing and securing APIs and microservices in a distributed environment.
Skills
- Bilingual candidates (Arabic & English).
- 12-15 years of progressive experience in application security including web services, Azure Cloud-based applications, and services (PaaS, SaaS).
- Bachelor’s degree in Computer Science or Similar, plus substantial continued education and training in the field.
- Experience with web and mobile application security.
- Ability to effectively present and communicate security threats and risks to any audience and impress upon them the mitigation techniques and strategies.
- Proficiency in security tools like Burp Suite, OWASP ZAP, Fortify, or similar.
- Knowledge of programming languages such as Java, Python, C#, or JavaScript.
- Experience with SAST/DAST tools and CI/CD integration.
- Understanding of web application security vulnerabilities (e.g., OWASP Top 10) and secure coding practices.
- Self-motivated with the ability to prioritize, meet deadlines, and manage changing priorities.
- Strong understanding of OWASP top 10 and similar application security methodologies.
- Strong understanding of cryptography and SSL certificate lifecycle management.
- Experience with security tools including vulnerability scanning.
- Solid understanding of application security and system design.
- Familiarity with common vulnerabilities and attack vectors.
Join our team and be part of a company that values innovation, reliability, and commitment to Qatar's technological advancement. We offer opportunities for career development and the chance to work with cutting-edge technologies.