Principal Cybersecurity Assurance-Applications

At Emirates, we believe in connecting the world, to and through, our global hub in Dubai and in constantly innovating to ensure our customers ‘Fly Better’. Join us in Cosmopolitan Dubai as a Principal: Cybersecurity Assurance-Applications and provide cybersecurity technical leadership to multiple disciplinary teams in IT and Business and represent Cybersecurity Assurance capabilities within software development life cycle.

Job Purpose:

Overall responsibility and accountability of application security assurance activities providing services to all global and local entities under The Emirates Group. The role is also responsible for Including the validation of current as well as new websites and mobile apps are designed and implemented with the highest security standards possible.

What you will do:

• Collaborate with the relevant stakeholders on a continuous basis to ensure security-by-design principles are defined, implemented and continuously improved.

• Develop and implement effective security testing strategies by leveraging cutting edge security research through upskilling self and team, staying up to date on security research and applying them effectively to the overall Emirates Group application security assurance program.

• Implementing and developing effective secure coding practice strategies to counter traditional and modern attacks affecting The Emirates Group digital assets by educating the software developer community, Awareness workshops and drive implementation of industry best practice.

• Develop and implement DevSecOps principles by automating security activities such as static analysis, dynamic analysis, container security, orchestration security, etc.

• Provide security advisory to product grooming sessions with software developers, scrum masters and Technical product owners to prioritize security backlogs, offer technical expertise on new requirements and ensure the delivery of privacy and security by design principles.

• Understand, articulate, evaluate and design solutions to complex business problems and apply appropriate technologies while following security engineering best practices.

• Collaborate with a diverse audience such as business stakeholders, Group leadership and the Engineering Chapter to highlight and bring about change that improves the level of Cybersecurity practices that affect the entire Emirates Group.

• Lead the technical Cybersecurity expertise within the AATs to support diverse security requirements while maintaining a high-level overview of activities.

• Mentor & upskill resources in the team to ensure continuous growth of the team and support the roadmap to achieve strategic goals objectives of function.

• Keep abreast with industry security assurance best practices and monitor the market for emerging technologies relevant to the domain.

What you will Bring:

• Degree or Honours (12+3 or equivalent)

• Degree in IT or Cybersecurity or any other IT-related discipline

• Minimum 8 years experience and Offensive Security Certified Professional (OSCP), or certifications in IT/Cyber Risk management is required

• Experience in system security Assessment, control and vulnerability Management and any other relevant experience in cybersecurity.

Knowledge/skills:

• Thorough knowledge of OWASP Top 10 (Web & Mobile)

• Clear understanding of network and web related protocols (such as, TCP/IP, UDP, IPSEC, HTTP)

• Strong fundamentals of Application design concepts - Security-by-design in application

• Clear understanding of network and web related protocols such as such as, TCP/IP,UDP,IPSEC, HTTP, HTTPS, routing protocols

• Knowledge of technologies such as reverse proxies, Web application Firewalls,CI/CD, API gateways, SAAS

• Solid understanding of (IT) Risk Management processes

• Proficient in using & implementing open source and commercial tools to scale security

• Experience in threat modelling, vulnerability discovery and vulnerability management processes

• Experience in Bug Bounty processes or similar experience

• Ability to understand business requirements and translate them into technical requirements.

• Ability to work cross-functionally with non-engineering stack holders

Certifications:

• Offensive Security Certified Professional (OSCP)

Preferred

• Certified Ethical Hacker (CEH) - Certified Information Systems Security Professional (CISSP)

Leadership Role: YES

Join us in a management role and enjoy an attractive tax-free salary. On top of our generous travel benefits, including discounted flights and hotel stays around the world, this managerial role also has an excellent leave and healthcare package. That’s on top of transport benefits, life insurance and more. Find out what it’s like to live and work in our fast-paced, cosmopolitan home city in the Dubai Lifestyle section of our website www.emirates.com/careers