1. Plan, implement, manage, monitor and upgrade security solutions for the protection and mitigation of risk for the organisation’s data and business applications.
2. Enhance application security framework, review existing applications’ architecture, and continuously provide suggestions for improvement.
3. Work with business and product teams to incorporate security controls during application design phase, identifying and highlighting vulnerabilities and associated mitigations.
4. Work with developers to define security checkpoints in SDLC based on industry standards and best practices.
5. Perform application security testing and code review for existing applications to identify security gaps in the application and provide technical advisory for the weaknesses and vulnerabilities identified in application code.
6. Provide support on the periodic internal and external security assessments and audit reviews.
7. Ensure that the secure coding standards are up to date in-line with industry best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities.
8. Develop and deliver training program on secure coding standards for development teams within Group Technology and regional business units. 
9. Act as an ambassador for DP World at all times when working; promoting and demonstrating positive behaviours in harmony with DP World’s Principles, values and culture; ensuring the highest level of safety is applied in all activities; understanding and following DP World’s Code of Conduct and Ethics policies.
10. Perform other related duties as assigned.

QUALIFICATIONS, EXPERIENCE AND SKILLS

Knowledge and Experience

• Bachelor’s degree Computer science or equivalent.
• Minimum 5 to 8 years of experience Application Security, Cyber security or similar.
• Experience in application development & application security
• Solid understanding of OWASP Top 10 vulnerability assessment and mitigation
• Excellent understanding and knowledge of common industry cyber security frameworks, standards and methodologies, including OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
• Knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures) and mobile application security experience
• Industry recognized cyber security related certifications are preferred, including: CEH, EnCE, SANS, CISSP, CISM, CRISC and/or CISA.
• Knowledge of network/web related protocols is an advantage.
• Knowledge of OAUTH2, SAML, OpenID is an advantage.
• Good understanding in E-commerce, logistics, supply chain & port operations applications will be an added advantage.
• Experience in working with Multinational Companies (MNC) is preferable.

Soft Skills

• Excellent analytical skills.
• Excellent verbal and written communication.
• Program and Project management skills.
• Time management skills.
• Team player and conflict management skills.
• Ability to adapt in a complex environment, loves challenges, with the will and drive to learn new things on his/her own.
• Cultural awareness.

Technical Skills

• OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
• OWASP Top 10 vulnerability assessment and mitigation.
• Proven experience in identifying and responding to advanced attacker methodologies both within the corporate environment as well as external attack infrastructures, ideally with offensive experience and / or deception environment development (tripwire systems, honeypots, honey-token/accounts, etc.) using open source, vendor purchased and bespoke/in-house developed solutions.
• Expertise in Microsoft Word, Excel & PowerPoint.
• Act as an ambassador for DP World at all times when working; promoting and demonstrating positive behaviour in harmony with DP World’s Founder’s Principles, values and culture; ensuring the highest level of safety is applied in all activities; understanding and following DP World’s Code of Conduct and Ethics policies.