# Degree (Master's degree or equivalent), preferably in Computer Engineering, Information Systems or Electrical Engineering, is highly desirable. A first-level university degree with a relevant combination of academic qualifications and experience in networking may be accepted in lieu of the advanced university degree.
# 10 years of progressively responsible experience in information security, web application vulnerability assessments and penetration testing is required.
# Experience with TCP/IP networking (LAN, MAN, WAN) systems.
# Knowledge of network security, current information security threats and incident management concepts and practices.
# Development and implementation of secure coding practices and/or vulnerability testing experience with web frameworks.
# Experience with scripting languages such as bash, Perl, Python, PowerShell.
# Excellent written and oral communication skills.
# Experience with Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools.
# Knowledge of SDLC practices and common security requirements within .NET and Drupal applications and similar frameworks.
# Certifications such as CISSP, CEH, GPEN, GWAPT, GXPN, GWEB, GSSP-JAVA, GSSP-.NET are desirable.
Specific Responsibilities:
# Perform web application threat modeling, analyze vulnerability assessment reports, carry out code reviews, and develop mitigation strategies.
# Implement necessary controls to address identified security vulnerabilities in consultation with internal ICT groups by taking into account identified potential impacts; devise and provide prioritized actionable mitigation plans, and estimate effort levels.
# Formulate and participate in implementing mitigating actions and assessment reports outlining findings and specific actionable recommendations.
# Participate in formulating application technical documentation.
# Develop testing procedures and scripts.
# Contribute to the ongoing enhancement of the Organization's web applications; participate in the review of existing applications and the design of new applications in accordance with the Organization's policies and standards.
# Liaise with internal ICT groups and other constituencies, including counterparts in partner organizations and third-party security service providers, on issues relating to web application security.
# Mentor team members on web application security methodologies and techniques including secure coding practices.