Our client is an online food ordering company founded in Kuwait. It operates in Kuwait, Saudi Arabia, Bahrain, the UAE, Oman, Qatar, Jordan, and Egypt.
It is the largest online food ordering company in the Middle East.
Technology background: Main application hosting is in AWS; some applications are in a physical datacenter in the UK.
Applications are developed on the .NET platform.
Work with the in-house security team to drive wide security initiatives
Support in compliance and audit projects
Execute architecture reviews
Security projects estimation, participation in analysis of security team efforts
Guide middle and junior engineers through projects
Vulnerability discovery by manual and automated means as part of penetration testing and application security reviews
Evaluation of security risks and recommendations for risk mitigation
Documentation of security findings, security testing report preparation and review
Communication with clients
Presentation of the team’s work results and reports to clients
Security training and knowledge sharing for internal QA and Development teams
BS in Computer Science or related field
At least 4 years of relevant work experience including but not limited to: Web and Mobile Application Security, Penetration testing, Vulnerability assessment, and Code-level Security Auditing
Experience with defensive and offensive security tools and techniques
Good understanding and independent application of cloud environment, CI/CD, testing, and validation
Independently applies best practices for information security (frameworks, standards, controls, architecture, privacy, anonymization, monitoring, alerting)
Ability to work as part of the Security incident response team
Ability to manually find and exploit at least OWASP Top 10 Web vulnerabilities
Ability to manually find and exploit at least OWASP Top 10 Mobile vulnerabilities
Familiarity with the OWASP Testing Guide
Experience with various penetration testing tools (e.g. Burp Suite, Metasploit, OWASP ZAP) on Linux and Windows
Ability to operate vulnerability assessment tools such as Tenable Nessus or Rapid7 Nexpose
Experience with one or more scripting languages: Python, Ruby, PHP, Bash, and Perl.
Ability to read source code and find issues using tools or manually in .NET or Java
Knowledge and understanding of Application Security, System and Network Security, Authentication and Security protocols
Upper-intermediate English level
Relevant work experience in one of the following: Development, QA Automation (Web, Mobile, etc.), and Security consulting
Professional certifications, for example those issued by: Offensive Security, eLearnSecurity, SANS, CREST, Mile2, SecurityTube, ISACA, (ISC)2 and EC-Council.
Experience with Bug Bounty programs (e.g. Bugcrowd, HackerOne)
Security-related publications, blog posts, and/or participation in tools development
Good team player motivated to solve complex tasks
Strong communication and problem-solving skills
Self-motivated, self-disciplined and result-oriented
Strong attention to detail and accuracy
Independent, self-starter, initiator
Excellent communication skills for work with different groups within the project
What's in it for you
Close cooperation with a client
A constant flow of new projects
Dynamic and challenging tasks
Ability to influence project technologies
Projects from scratch
Team of professionals: learn from colleagues and gain recognition of your skills
European management style