Job description


– Information security risk assessment (incl. security loopholes) of new procurement/development, existing production applications, and project changes.

– Defines security guidelines for application & database development (secure SDLC, secure coding practices, etc.) based on vendor (Microsoft/Oracle), independent organization (OWASP), benchmark (CIS), and QCERT guidelines, etc.

– Link enterprise security threat modelling results to application security domain and take corrective/preventive actions

– Coordinate with application development vendors to ensure 3rd‐party software and development meet customer security standards

– Work closely with the application development team, providing support throughout their development lifecycle

– Helps developers code securely by integrating tools into the development IDE (Visual Studio), TFS check-in phase, independent secure code review, penetration testing, configuration of F5 ASM

– Good knowledge and understanding of ISMS and QCERT NIA Policy

Certification: CSSLP / GWAPT / GPEN /


– Thorough understanding of the latest security principles, techniques, and protocols

– Detailed technical knowledge and best practices of

o database (MS SQL & Oracle),

o mobile app development, Web applications, Web Servers (IIS/Apache/Tomcat), Web Services, Service Oriented Architectures,

o Technologies like Java, .NET Framework, SharePoint, Oracle (applications and database), HTML, scripting languages like jQuery, JavaScript, AJAX

o Application security management (users, roles, permissions)

Familiarity with network and operating system security

