What Jobs are available for Application Security in Bahrain?

Job Description

VAM Systems is currently looking for Application Security Specialist for our Bahrain operations with the following skillsets & terms and conditions:

• Years of Experience: years
• Preferred Previous Work Experience: Banking

Qualification Major: BE Computer Science and Engineering.

Professional Training Required: Secure Software Development and Programming.

Professional Certifications Desired: CEH, CCNP, AWS, Azure, Java, Python, VB

Experience Required:

• Working knowledge in technology stacks used in application development, Web applications, in particular secure application design.
• Depth knowledge of IT risks, cyber security, and computer operating software like Windows, Linux, and UNIX.
• Depth knowledge in the software's design with the aid of programming languages like Python, Java, etc.
• Advanced understanding of security protocols, cryptography, and security.
• Understanding of network protocols, Source Code Reviews and OWASP Top 10 security practices.
• In-depth knowledge of frameworks used in developing applications.
• Good understanding in security measures such as firewalls, intrusion detection, and prevention systems (IDS/IPS), network access controls, and network segmentation.
• Knowledge of DNS, Security principles of routing, authentication, VPN, proxy services, and DDOS mitigation technology.
• Expertise in the architecture of information security systems.
• Good knowledge of IT Infrastructure, Cloud Technologies like AWS, Azure, and Information Security systems, specifically in architecture.

Job Responsibilities:

• Perform security analysis, develop robust security architecture, and ingrain security solutions into the Bank's Group environment ensuring the confidentiality, integrity and availability of the bank's information.
• Develop security architecture for various Information Security control systems.
• Perform Information Security Risk Assessments of new IT systems, design and recommend security controls to mitigate risks, reassess and enhance security architecture as needed.
• Review security architecture of new technology solutions and business applications, assess security, and recommend controls to address risks and enhance the architecture as needed.
• Research and recommend/implement the security standards, systems, and best practices.
• Review system security, recommend security controls, and implement enhancements.
• Manage information security projects/assignments.
• Collaborating with team to develop and implement information security architecture frameworks and strategies tailored to the specific needs of the banking industry. This includes developing security architecture for applications, cloud technologies and various Information Security control systems.
• Review technical service request and technical changes raised by IT users for Information Security risks.
• Follow Security by Design methodology to assure the end-to-end security.
• Conduct security reviews of business applications to identify weaknesses, recommend mitigation controls, perform thorough security testing, ensure secure design and architecture, and implement secure coding practices for input validation.
• Provide security architectural guidance to IT.
• Understand the risk and weakness in applications and providing expert guidance and recommendations.
• Secure application design and architecture, and application security testing.
• Developing security baselines for all critical applications and ensuring their efficacy.

Skills required:

• Cyber Security Monitoring.
• Cyber Security Analysis.
• Cyber Security Architecture.
• Cyber Security Audits.
• Cyber Security Best.
• Cyber Security Testing.
• Cyber Security Standards and Procedures.

Terms and conditions

Joining time frame: days)

• Lead the integration of security best practices into the SDLC, including threat modeling, secure design reviews, and code reviews.
• Develop and maintain security standards, guidelines, and automation tools for application development.
• Conduct comprehensive security assessments and penetration testing of web applications, APIs, and mobile applications.
• Identify, analyze, and remediate security vulnerabilities in production and pre-production environments.
• Work closely with development teams to guide them on secure coding practices and address security findings.
• Develop and deliver security training programs for software engineers.
• Implement and manage security testing tools, including SAST, DAST, and IAST solutions.
• Respond to and investigate security incidents related to applications.
• Stay current with emerging security threats, vulnerabilities, and technologies relevant to application security.
• Contribute to the development of security architecture and design patterns.
• Advise on security implications of new technologies and third-party integrations.
• Champion a security-first culture within the engineering organization.

• Bachelor's degree in Computer Science, Information Security, or a related field; Master's degree preferred.
• A minimum of 7 years of experience in application security, software development, or a related security discipline.
• In-depth knowledge of common web application vulnerabilities (e.g., OWASP Top 10) and mitigation strategies.
• Proven experience with security testing methodologies and tools (SAST, DAST, penetration testing).
• Strong understanding of secure coding principles and practices across various programming languages (e.g., Java, Python, JavaScript).
• Experience with cloud security concepts (AWS, Azure, GCP) as they relate to application security.
• Familiarity with security frameworks and compliance standards (e.g., NIST, ISO 27001).
• Excellent analytical, problem-solving, and risk assessment skills.
• Strong communication, presentation, and interpersonal skills.
• Ability to work effectively both independently and as part of a collaborative team.
• Relevant security certifications such as CISSP, CEH, or OSCP are a strong plus.

• Conduct security reviews of application architectures and designs.
• Perform static and dynamic application security testing (SAST/DAST) to identify vulnerabilities.
• Develop and implement secure coding standards and guidelines.
• Collaborate with development teams to remediate security findings and implement secure coding practices.
• Perform threat modeling exercises to identify potential security risks in new features and applications.
• Integrate security tools into the CI/CD pipeline.
• Provide security training and awareness to development teams.
• Stay up-to-date with the latest application security threats, vulnerabilities, and mitigation techniques.
• Respond to security incidents related to applications and assist in their resolution.
• Contribute to the development and maintenance of security testing frameworks.
• Advise on the secure use of third-party libraries and components.

• Define and implement secure software development lifecycle (SSDLC) best practices.
• Conduct security reviews of application designs, source code, and architecture.
• Perform vulnerability assessments and penetration testing on web and mobile applications.
• Develop and maintain security testing tools and frameworks.
• Collaborate with development teams to remediate identified security vulnerabilities.
• Provide security training and guidance to developers on secure coding practices.
• Stay up-to-date with the latest application security threats, trends, and technologies.
• Develop and manage security automation pipelines for continuous security testing.
• Contribute to the development of security policies and standards for application development.
• Mentor junior application security engineers and foster a security-first culture.

• Proven experience as an Application Security Engineer or in a similar role.
• Deep understanding of common web and mobile application vulnerabilities (e.g., OWASP Top 10).
• Proficiency in secure coding principles and practices.
• Experience with static (SAST) and dynamic (DAST) application security testing tools.
• Knowledge of cryptography, authentication, and authorization mechanisms.
• Familiarity with cloud security principles (AWS, Azure, GCP) and container security.
• Strong scripting and programming skills (e.g., Python, Java, JavaScript).
• Excellent communication, collaboration, and problem-solving skills.
• Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
• Relevant certifications such as CSSLP, GWEB, GWAPT are a plus.

• Lead the application security program, ensuring security is integrated into the SDLC.
• Conduct security assessments, including penetration testing, vulnerability assessments, and security code reviews for web and mobile applications.
• Perform threat modeling to identify potential security risks and design effective mitigation strategies.
• Develop and enforce secure coding guidelines and standards for development teams.
• Evaluate, select, and implement application security tools and technologies (SAST, DAST, IAST, WAF).
• Provide security guidance and training to software developers and engineers.
• Investigate and respond to security incidents related to application vulnerabilities.
• Collaborate with product management and engineering teams to prioritize and remediate security findings.
• Stay current with emerging application security threats, vulnerabilities, and best practices.

• Bachelor's degree in Computer Science, Information Security, or a related field; Master's degree is a plus.
• Minimum of 6 years of experience in application security engineering or a related cybersecurity role.
• Proven experience with penetration testing, vulnerability assessment, and secure code review techniques.
• Strong understanding of common web application vulnerabilities (e.g., OWASP Top 10), authentication/authorization mechanisms, and cryptography.
• Experience with SAST, DAST, and IAST tools.
• Knowledge of secure SDLC methodologies and practices.
• Excellent analytical, problem-solving, and communication skills.
• Experience leading security initiatives and mentoring team members.
• Relevant security certifications (e.g., CISSP, GWAPT, CEH) are highly desirable.

• Conduct comprehensive penetration tests on web applications, APIs, mobile applications, and other software systems.
• Identify, document, and exploit security vulnerabilities, including but not limited to OWASP Top 10 threats.
• Perform in-depth vulnerability analysis and risk assessment.
• Develop and execute detailed test plans and methodologies.
• Generate clear, concise, and actionable penetration testing reports for technical and executive audiences.
• Collaborate with development teams to provide guidance on secure coding practices and vulnerability remediation.
• Stay up-to-date with the latest security threats, attack vectors, and penetration testing tools and techniques.
• Participate in threat modeling exercises and security architecture reviews.
• Assist in the development and maintenance of the organization's penetration testing framework.
• Mentor junior penetration testers and share knowledge within the security team.

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field, or equivalent practical experience.
• 5+ years of experience in application security testing and penetration testing.
• In-depth knowledge of web application security, common vulnerabilities, and mitigation techniques.
• Proficiency with penetration testing tools (e.g., Burp Suite, OWASP ZAP, Metasploit, Nmap).
• Experience with scripting languages (e.g., Python, Bash) for automation.
• Strong understanding of secure software development principles and SDLC.
• Excellent analytical, problem-solving, and critical thinking skills.
• Superior written and verbal communication skills, with the ability to explain complex technical issues.
• Relevant certifications such as OSCP, CEH, GWAPT, or CISSP are highly preferred.

• Conduct in-depth security assessments and penetration tests on web applications, APIs, and mobile applications.
• Identify, analyze, and document security vulnerabilities, including OWASP Top 10 and other relevant threats.
• Develop and execute exploitation strategies to demonstrate the impact of vulnerabilities.
• Provide clear and concise reports detailing findings, risk assessments, and remediation recommendations.
• Collaborate closely with development and engineering teams to guide remediation efforts and ensure secure software development lifecycle (SDLC) practices.
• Stay current with the latest security threats, vulnerabilities, and penetration testing methodologies.
• Develop custom tools and scripts to automate security testing processes.
• Contribute to the development and maintenance of the company's security testing framework.
• Participate in threat modeling and security design reviews.
• Mentor junior penetration testers and share knowledge within the security team.
• Effectively communicate technical security concepts to both technical and non-technical audiences in a remote setting.
• Contribute to building a robust security posture for applications relevant to the broader market, including those connected to regions like Sanad, Capital, BH .

• Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
• Minimum of 6 years of experience in application security and penetration testing.
• In-depth knowledge of common web application vulnerabilities (e.g., XSS, SQL Injection, CSRF, SSRF) and their exploitation.
• Proficiency with various penetration testing tools (e.g., Burp Suite, OWASP ZAP, Nmap, Metasploit).
• Experience testing APIs (REST, SOAP) and mobile applications (iOS, Android).
• Strong understanding of secure coding principles and the software development lifecycle (SDLC).
• Relevant certifications such as OSCP, CEH, GPEN, or GWAPT are highly desirable.
• Excellent analytical, problem-solving, and reporting skills.
• Ability to work independently and manage multiple testing engagements concurrently in a remote environment.
• Strong communication and collaboration skills for effective remote teamwork.

• Plan, scope, and execute penetration tests on web and mobile applications.
• Identify, analyze, and document security vulnerabilities and weaknesses.
• Utilize a variety of tools and techniques to simulate real-world attacks.
• Provide detailed, actionable remediation recommendations to development teams.
• Conduct security code reviews and architectural assessments.
• Stay current with the latest application security threats and exploit techniques.
• Collaborate with development teams to improve application security throughout the SDLC.
• Develop and maintain security testing methodologies and playbooks.
• Contribute to the development and maintenance of security testing tools and scripts.
• Mentor junior penetration testers and share expertise.

• Bachelor's degree in Cybersecurity, Computer Science, or a related field.
• Minimum of 6 years of experience in penetration testing, with a strong focus on application security.
• Demonstrated expertise in identifying and exploiting web and mobile application vulnerabilities.
• Proficiency with penetration testing tools such as Burp Suite, OWASP ZAP, Nmap, Metasploit.
• Strong understanding of secure coding principles and SDLC security best practices.
• Experience with security code review and vulnerability assessment methodologies.
• Excellent analytical, problem-solving, and critical thinking skills.
• Strong written and verbal communication skills for reporting and collaboration.
• Ability to work independently and manage multiple testing engagements in a remote environment.
• Relevant security certifications (e.g., OSCP, CEH, GWAPT) are highly desirable.

• Plan, scope, and execute comprehensive penetration tests against web applications, mobile applications, APIs, and network infrastructure.
• Identify, document, and exploit security vulnerabilities using a variety of manual and automated tools and techniques.
• Conduct in-depth security reviews of application source code to identify security flaws.
• Perform threat modeling and risk assessments to prioritize vulnerabilities and guide testing efforts.
• Develop detailed and actionable penetration test reports, clearly communicating findings, risks, and recommended remediation steps to technical and non-technical stakeholders.
• Provide expert guidance and recommendations on security best practices and remediation strategies.
• Stay current with the latest exploitation techniques, security trends, and emerging threats in the cybersecurity landscape.
• Collaborate with development and engineering teams to assist in the remediation of identified vulnerabilities.
• Contribute to the development and improvement of penetration testing methodologies and tools.
• Participate in security architecture reviews to ensure security is built into new applications and systems.

• Bachelor's degree in Computer Science, Cybersecurity, or a related field; relevant certifications are highly valued.
• Minimum of 6 years of experience in penetration testing and application security assessments.
• In-depth knowledge of common web application vulnerabilities (e.g., OWASP Top 10) and exploitation techniques.
• Proficiency with penetration testing tools (e.g., Burp Suite, Metasploit, Nmap) and techniques.
• Experience with security code review and static/dynamic analysis tools.
• Understanding of networking protocols, operating systems, and common security concepts.
• Relevant certifications such as OSCP, CEH, CISSP, or GIAC certifications are a strong plus.
• Excellent analytical and problem-solving skills.
• Strong written and verbal communication skills, with the ability to produce clear and concise reports.
• Ability to work independently and manage time effectively in a remote environment.
• Ethical mindset and commitment to maintaining confidentiality.