Information Security (OSCP) Specialist
Job Role: Information Security Specialist (Application Security)
Work location: Government entity
Location: Doha, Qatar
Job Purpose Statement:
We are looking for a skilled professional for a VAPT, application security, offensive security and compliance profile. The ideal candidate will have experience in network basics, a security understanding of all OSI layers, SAST, DAST, mobile apps and web apps, and an understanding of the OWASP Top 10, SANS 25, CWE and CVEs. The candidate should have a minimum of 10 years of experience in a relevant profile, with high-quality process writing and documentation experience.
Principal Accountabilities:
- Strong expertise in preparing reports and presentations in Word and PPT
- Ensure compliance with the business agreement, policies, procedures and regulations, along with the ability to map controls and compliance requirements.
- Point out weaknesses and risks associated with the implemented security measures
- Perform security risk analysis
- Application security based on OWASP Top 10 standards.
- Vulnerability Assessment using Tenable, Offensive Penetration Testing
- Understand business requirements, perform threat modelling, and present dashboards and risks to management
- Understanding of ISMS/BCMS/NIST or any other security compliance standards
- Coordination with different stakeholders to explain and mitigate risks
- Strong expertise in SAST/DAST tools such as Burp, HP WebInspect, Fortify etc.
- Red teaming/Blue teaming experience will be an added advantage
- Ability to support the deployment of security controls
- Conducting security awareness sessions, mentoring the team etc.
- Must have the expertise to lead and participate in security drills
- Should be able to lead end-to-end application security, VAPT or any other assigned projects from a technical standpoint.
- Understanding of network and network security basics
- Working knowledge of: HTTP protocol, network security including LAN / WAN security, TCP/IP protocol, Unix / Wins security, Firewalls Intrusion
- Monitoring and analyzing network traffic and application logs.
- Investigating intrusion attempts and performing analysis of exploits
- Strong understanding of adversary motivations like cybercrime, cyber hacktivism, cyberwar, cyber espionage, and the difference between cyber propaganda and cyber terrorism
- Strong understanding of databases, operating systems, networks, and tool development
Qualification/ Experience:
A Bachelor of Science in Computer Science, major in Information Systems.
OSCP/OSCE is mandatory.
Minimum 10 years of experience required.