Permanent, full-time

Hybrid role based in Doha, Qatar

£ COMPETITIVE £

A globally renowned Investment Bank is seeking a Product Security Engineering Associate to join their Asset and Wealth Management division in Doha. In this role, you will be working to enable the business needs while balancing security controls. 

Duties of the Product Security Engineering Associate to include:

• Partner with business units to understand design proposal and evaluate architectural flaws for various on-prem/cloud deployments 
• Closely collaborate with Product Management, Engineering, Dev Ops and Firmwide Tech Risk teams to evaluate the design and implementation of security controls related to Authentication, Authorization, Input Validations etc. and enhance firm’s security posture 
• Evaluate the effectiveness of existing key controls, identify gaps, and recommend improvements to mitigate risks and enhance firm’s security posture
• Acts as an Application security liaison for developers and architects in the respective Business Unit to build security software 
• Interface with business, engineering and leadership teams to articulate and evaluate risk and recommend a mitigation strategy.
• Drive adoption of embedded application security controls as part of the Software Development Life Cycle (SDLC) in Agile methodology
• Provide clear and concise verbal and written recommendations and guidance to both business and technology leaders on matters of Technology Risk Management
• Promote and assist in training & awareness of information security within the region
• Strong passion and desire to grow in the Information Security area
• Collaborate with Firmwide Tech Risk and other relevant teams to develop security patterns and best practices based on engineering usecase

Requirements for the successful candidate to include:

• 3 – 5  years of technology experience in one or more of the following areas: Information Security, Product/Application Security, Threat Modelling/Secure Design Reviews, Penetration testing etc.
• Knowledge of most common Application Security vulnerabilities – e.g., OWASP Top 10 Web and API risks, cloud security gaps.
• Familiarity with Security standards such as OWASP, NIST, PCI and CIS/SANS security controls
• Ability to analyze internal and external processes and integration to understand risk
• Understanding of security core cryptography concepts (Encryption, Hashing, HMAC, digital signatures), its implementation, how they are applied and attacked in web applications
• Assessing and mitigating software security threat vectors, with experience in threat modeling framework, attack surface analysis, security design reviews, source code reviews, penetration testing or vulnerability assessments.
• Good written and oral communication to be able to articulate risks to both technical and management stakeholders
• Strong program and project management skills and technology expertise
• Ability to assess and evaluate corporate risk tolerance and translate into goals and new processes including software engineering, IT teams, and engineering and business stakeholders
• Experience collaborating with a team of security experts in a diverse set of security topics including, but not limited to, security architecture, financial controls and regulatory compliance, identity and access management, penetration testing, data loss prevention, network security, security monitoring, white box testing/static code analysis, and building secure systems

Desired skills include:

• Experience in Financial Services/Fintech
• Knowledge of secure coding language - Python, Java, Go
• Experience in AWS or Cloud technologies

This vacancy is being advertised by Montpellier Resourcing Associates Limited. The services advertised by Montpellier Resourcing Associates Limited are those of an Employment Agency.