Application Security Analyst – Information Security Job at Careem

Careem

Careem Careers | Dubai Jobs

Careem is the internet platform for the greater Middle East region. A pioneer of the region’s ride-hailing economy, Careem is expanding services across its platform to become the region’s everyday Super App. Careem’s mission is to simplify and improve the lives of people and build an awesome organisation that inspires. Established in July 2012, Careem operates in over 100 cities across 13 countries and has created more than one million employment opportunities in the region. Careem became a wholly owned subsidiary of Uber Technologies, Inc. in January 2020. www.careem.com

See Also: Quality Responsible Person Job at Bristol-Myers Squibb | Dubai

About the Team
The Application Security Analyst helps improve and maintain the application security program by providing guidance pertaining to secure web development design and testing. The resource will partner with Business , Solutions Delivery, Engineering, and Operations teams to educate, evangelize, and validate secure development practices.
About the Role

Primarily responsible for application security assessments and code review as part of the software development lifecycle (SDLC)
Develop, educate, promote, and monitor the use of secure software development practices
Work with developers to implement and refine security checkpoints in the SDLC
Obtain and review all required artifacts as part of go, no go analyses at security checkpoint phases in the development cycle
Continue to drive security evaluation earlier in the cycles through iterative security testing
Develop secure coding standards that are based on industry-accepted best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities
Provide regular status reports on the security of the software within the organization
Manage the application security scanning process, including analysis, communication and remediation verification
Implement and Govern automated secure coding tools and processes (SAST, DAST) to review code as it is written, promoted through the development lifecycle, and into production
Provide advisory services in secure coding practices to application development teams
Perform security activities, including security design reviews, threat modeling, code auditing on internally& externally developed software
Operate as incident responder for triage pertaining to web-based vulnerabilities
Work with information security analysts to refine web application penetration testing methods and breadth of security services
Assist with periodic security risk assessments, IT security audits, and management reporting
Help Build, maintain, and enforce application security development policies, procedures& standards

Experience & Education Requirements

Bachelor’s degree in Computer Science, Information Systems, Engineering, Mathematics, Business, or 5 years IT experience
Minimum of 3 years of experience with commonly used programming tools, workflows, and concepts
Security training or education a plus (Ex: SANS/GIAC, ISC2, ISACA, EC-Council, Offensive Security, etc.)

Preferred Skills and Abilities

Ability to read and understand code as well as ability to script
A strong understanding of Unix, Windows and network security skills
Possess excellent verbal and written communication skills and are able to navigate in an environment with both highly technical and highly nontechnical individuals
Have passion for technology, security and innovation
Familiarity with commonly used programming tools, workflows, and concepts
Ability to work independently and in a team-oriented, collaborative environment
Ability to conform to shifting priorities, demands, and timelines through analytical and problem-solving capabilities
Ability to remain flexible during times of change and react to project adjustments and alterations promptly, efficiently and positively
Must be able to learn, understand and apply new technologies
Ability to effectively prioritize and execute tasks