Cybersecurity Assurance Officer

at  The Emirates Group

Job Purpose: At Emirates, we believe in connecting the world to and through our global hub in Dubai and in constantly innovating to ensure our customers ‘Fly Better ’. Our GRC team is looking to urgently hire a dynamic and experienced Cyber Security Assurance Officer to join their team. The successful candidate will be expected to d eliver the security verification processes defined by the assurance program consisting of risk and vulnerability assessments and penetration tests based on industry best practices. Additionally you will also support in continuously refining and improving the assurance program and in incorporating industry best practices, offensive and defensive techniques.

What You Will do:

• Deliver in-depth automated and manual discovery of security vulnerabilities in web applications, mobile applications, web services and client server application and associated infrastructure
• Perform a thorough verification of the vulnerabilities found during the assessment and associated risk as per risk assessment framework. Support in building defence in depth controls in web & mobile applications.
• Provide necessary knowledge transfer of the vulnerabilities found during the assessments to the software engineering teams by means of meetings, walkthroughs, technical discussions etc. for implementing appropriate security fixes.
• Monitor identified security vulnerabilities throughout their life cycle from identification to resolution to verification and closure.
• Participate in red teaming complex environments with up-to-date knowledge on exploitation and help blue team to build use cases for stronger defence.
• Participate in evolving the assurance program on an ongoing basis to incorporate industry best practices, newer offensive and defensive attack techniques
• Collaborate with development teams on improving security by offering design reviews, threat modelling, awareness, training, new tooling and expert review
• Create tools, script, and automation to make the vulnerability discovery and vulnerability management process more consistent and efficient.

Qualifications & Experience: What you will bring:
Information Technology. Other : 3+ Years
Degree or Honours (12+3 or equivalent) :

Degree in IT

• Any information security related industry recognised certification such as CISSP, CISA, CISM, GIAC certification, CEH etc. is an advantage
• Experience in Cybersecurity IT preferably in cybersecurity assurance

Knowledge/skills:

• Strong fundamentals of OS, Network and Programming Concepts
• Deep technical knowledge of OWASP TOP 10 issues for both application & mobile
• Deep technical knowledge of network and infrastructure security testing
• Technical aptitude to test web services, APIs, business logic issues, cloud specific issues etc.
• Develop high quality proof of concepts for vulnerabilities identified
• Adaptive to newer attack vectors & technologies and its applicability
• Proficient in using & implementing open source and commercial tools for application, mobile & thick client security testing
• Experience in reviewing source code for varied programming languages
• Experience building tools and automation to discover vulnerabilities at scale
• Deep technical knowledge of browser security controls such SOP, CSP, XFO, HSTS, etc.
• Knowledge of reviewing mobile & web-based security design, implementation & review.
• Knowledge of industry standard authentication and authorization mechanism, Dockers, Kubernetes,

Preferred Certifications:

• Offensive Security Certified Professional (OSCP)
• GIAC Web Application Penetration Tester (GWAPT)

Preferred

• Certified Information Systems Security Professional (CISSP)
• Excellent interpersonal & communication skill

Leadership Role : NO
Salary & Benefits: Join us in Dubai and enjoy an attractive tax-free salary and travel benefits that are exclusive to our industry, including discounts on flights and hotels stays around the world. You can find out more information about our employee benefits in the Working Here section of our website www.emirates.com/careers. Further information on what’s it like to live and work in our cosmopolitan home city, can be found in the Dubai Lifestyle section

• Deliver in-depth automated and manual discovery of security vulnerabilities in web applications, mobile applications, web services and client server application and associated infrastructure
• Perform a thorough verification of the vulnerabilities found during the assessment and associated risk as per risk assessment framework. Support in building defence in depth controls in web & mobile applications.
• Provide necessary knowledge transfer of the vulnerabilities found during the assessments to the software engineering teams by means of meetings, walkthroughs, technical discussions etc. for implementing appropriate security fixes.
• Monitor identified security vulnerabilities throughout their life cycle from identification to resolution to verification and closure.
• Participate in red teaming complex environments with up-to-date knowledge on exploitation and help blue team to build use cases for stronger defence.
• Participate in evolving the assurance program on an ongoing basis to incorporate industry best practices, newer offensive and defensive attack techniques
• Collaborate with development teams on improving security by offering design reviews, threat modelling, awareness, training, new tooling and expert review
• Create tools, script, and automation to make the vulnerability discovery and vulnerability management process more consistent and efficient