-
malomatia

Application Security

malomatia
Qatar · Full-time · Not Applicable

Job Description

We are seeking a skilled Application Security Specialist to join our Cybersecurity Practice. In this role, you will work closely with our application security, development, and QA teams to secure our clients’ applications across their entire lifecycle. You will conduct security testing, perform penetration tests, and assess vulnerabilities across web, mobile, API applications.

Your responsibilities will span application penetration testing, automated security scanning (SAST, DAST, SCA), threat modelling, secure code review, and developer enablement. You will embed security best practices throughout the software development lifecycle and ensure that applications are designed and built with robust security controls.

You will collaborate with development and DevOps teams to integrate security into CI/CD pipelines, triage and validate findings, and provide clear, actionable remediation guidance. The role requires hands-on technical expertise, strong analytical skills, and the ability to translate complex security findings into practical fixes that developers can implement.

Responsibilities

  • Penetration Testing:Conduct penetration tests on web applications, mobile applications, APIs, and thick-client applications. Prepare detailed reports with clear risk ratings and actionable remediation recommendations.
  • Security Scanning:Implement, tune, and manage automated security scanning tools (SAST, DAST, SCA) to continuously identify vulnerabilities in code, configurations, and third-party dependencies across all application types.
  • Threat Modelling:Perform threat modelling to identify potential security risks and attack surfaces associated with applications early in the design process, and provide guidance on mitigating these risks.
  • Secure Code Review:Review application source code for security vulnerabilities across multiple platforms and languages, and offer practical, developer-friendly recommendations for remediation.
  • DevSecOps Integration:Integrate security testing and controls into CI/CD pipelines, enabling continuous and automated security validation as part of the development workflow.
  • Training & Awareness:Develop and deliver secure coding training sessions and workshops to raise application security awareness among development teams and other stakeholders.
  • Tool Evaluation:Assess and recommend tools and technologies to enhance application security testing and monitoring capabilities across various platforms.
  • Documentation:Create and maintain comprehensive documentation related to security assessments, vulnerability management, and application security standards and policies.

Qualifications

  • Education: Bachelor’s / college degree in Computer Science, Information Security, or a related field.
  • Experience: At least 3 years of experience in application security, secure software development, penetration testing, or a closely related field.
  • Certifications: Relevant professional certifications are highly desirable. These may include, but are not limited to:
    • OffSec certifications (e.g., OSWA, OSWE)
    • eLearnSecurity (e.g., eWPT, eWPTX)
    • GIAC / SANS (e.g., SEC542, GWAPT)
    • BCSP or other application security certifications.
  • Technical Skills: Proficiency with security testing tools such as Burp Suite (required), and familiarity with Snyk, HCL AppScan, Fority, and Postman (preferred). Strong understanding of secure coding practices and hands-on experience with at least one programming language. Familiarity with DevSecOps practices and CI/CD pipelines is preferred.
  • Knowledge: In-depth knowledge of application security principles and practices, with strong familiarity with security frameworks and guidelines (e.g., OWASP Top 10, ASVS, MASVS, WSTG, MSTG). Understanding of common vulnerability classes, exploitation techniques, and remediation strategies. Knowledge of Qatar National Information Assurance (NIA) is a plus.

Key Skills

Ranked by relevance

cicd penetration testing technical expertise cybersecurity burp suite postman devops owasp
Login to Apply
Posted
Jul 05, 2026
Type
Full-time
Level
Not Applicable
Location
Doha
Company
malomatia

Industries

IT Services IT Consulting

Categories

Information Technology

Related Jobs

3 roles aligned with this opportunity

View all jobs
View Job Details
malomatia
Related

Engineer - Cloud Security Architect

2026-07-02

Full-time
Not Applicable
Qatar
IT Services
Information Technology
View Job Details
malomatia
Related

Cloud Security Engineer

2026-07-01

Full-time
Mid-Senior
Qatar
IT Services
Information Technology
View Job Details
malomatia
Related

Senior Consultant - Cybersecurity

2026-07-05

Full-time
Not Applicable
Qatar
IT Services
Information Technology