Expert Application & Product Security at PMCL-JAZZ
Islamabad, Islamabad Capital Territory, Pakistan -
Full Time


Start Date

Immediate

Expiry Date

20 Jul, 26

Salary

0.0

Posted On

21 Apr, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Application Security, Penetration Testing, Secure SDLC, OWASP Top 10, API Security, Microservices, SAST, DAST, SCA, Threat Modelling, Cloud-native Platforms, DevOps, Java, Python, CI/CD Pipelines, Infrastructure as Code

Industry

Telecommunications

Description
Grade: L2
Location: Islamabad
Last date to apply: 26 April 2026

What is Expert Application & Product Security?

Expert Application & Product Security is responsible for driving the secure design, development, and deployment of digital products. This role is responsible for embedding security across the software development lifecycle (SDLC), securing APIs and microservices, and ensuring products are resilient against evolving cyber threats. The main responsibility of this role is to safeguard software applications against potential threats and vulnerabilities by analyzing and effectively testing the implementation of different application security controls to protect the organization's digital footprint from cyber threats. The role reports directly to the Stream Head Cyber Security with an extended team of 11 team members.

What does Expert Application & Product Security do?

1. Define and lead the Application Security (AppSec) strategy across all products
2. Establish secure SDLC (SSDLC) frameworks and governance
3. Develop policies, standards, and secure coding guidelines
4. Align AppSec with enterprise risk management and business objectives
5. Conduct threat modelling (STRIDE, attack trees) for applications and platforms
6. Review and approve secure architectures for:
   a. Web and mobile applications
   b. APIs and microservices
   c. Cloud-native platforms
7. Enforce best practices based on OWASP standards (Top 10, ASVS, API Top 10)
8. Integrate security into CI/CD pipelines:
   a. SAST, DAST, SCA, IAST
9. Automate security testing and policy enforcement
10. Work closely with DevOps teams to implement "shift-left" security
11. Define security gates and release criteria
12. Secure externally exposed products and services
13. Implement API security controls:
    a. Authentication (OAuth2, JWT)
    b. Rate limiting, bot protection
14. Protect against:
    a. Injection attacks
    b. Broken authentication
    c. Business logic abuse
15. Secure Android/iOS applications:
    a. Reverse engineering protection
    b. Runtime protection (RASP)
    c. Secure storage & communication
16. Conduct mobile app security testing
17. Implement API gateways and secure API lifecycle management
18. Conduct secure coding training for developers
19. Provide remediation guidance and best practices
20. Build a security-first culture within software engineering teams

JazzWorld is an equal opportunity employer. We celebrate, support, and thrive on diversity and are committed to creating an inclusive environment for all employees.

What are we looking for and what does it require to be Expert Application & Product Security?

- BS/MS in CyberSecurity/Information security/Information Technology
- Practical experience of application security in Banking / Telco sector
- At least 04 years of experience in security design and penetration testing of mobile applications & APIs
- Functional
  - Ability to organize, plan and document tasks
  - Ability to manage internal & external stakeholders
  - Possess good logical and analytical skills to help in analysis of Cyber Security risks
- Technical
  - Strong expertise in:
    - Web application security (OWASP Top 10)
    - API security and microservices
    - Authentication & authorization models
  - Experience with manual penetration testing
  - Hands-on with:
    - SAST: Checkmarx, Fortify, SonarQube
    - DAST: Burp Suite, OWASP ZAP
    - SCA: Snyk, Black Duck
  - Understanding of:
    - Java, .NET, Node.js, Python (at least one deeply)
    - CI/CD pipelines (Jenkins, GitLab, GitHub Actions)
  - Familiarity with Infrastructure as Code (Terraform, etc.)
  - Lead and mentor Application Security Testers
  - Define KPIs and performance metrics
  - Stakeholder management across Dev, QA, Product, and Risk teams

Why join JazzWorld?

As a certified Top Employer, JazzWorld reflects workplace standards benchmarked against leading global organizations, demonstrating our commitment to creating an environment where people can thrive and perform at their best.
Our teams are driven by the belief that every JazzWorld employee should be inspired to live better every day, enabled by forward-looking leadership, an open culture, meaningful work, and continuous opportunities to learn and grow.

Our core values - Customer Obsession, Truthful, Innovation, Collaboration, and Entrepreneurial - shape how we think, decide, and lead. They encourage us to challenge convention, act with accountability, work as one team, and create solutions that truly matter for our customers and communities.

As Pakistan's largest digital operator, JazzWorld serves over 100 million through connectivity, digital services, financial inclusion, entertainment, and insurance. Joining us means being part of transformation at a national scale: expanding access, unlocking opportunity, and building a more connected digital future.

At JazzWorld, everything we do is rooted in one shared ambition. This purpose defines how we work, the progress we enable, and the difference we strive to make every day: a Better Life For All.
Responsibilities
The Expert Application & Product Security is responsible for driving secure design, development, and deployment of digital products by embedding security across the SDLC. This role safeguards software applications against cyber threats by implementing security controls and conducting rigorous testing.