-
View all jobs
Job Description
We are seeking a skilled Application Security Specialist to join our Cybersecurity Practice. In this role, you will work closely with our application security, development, and QA teams to secure our clients’ applications across their entire lifecycle. You will conduct security testing, perform penetration tests, and assess vulnerabilities across web, mobile, API applications.
Your responsibilities will span application penetration testing, automated security scanning (SAST, DAST, SCA), threat modelling, secure code review, and developer enablement. You will embed security best practices throughout the software development lifecycle and ensure that applications are designed and built with robust security controls.
You will collaborate with development and DevOps teams to integrate security into CI/CD pipelines, triage and validate findings, and provide clear, actionable remediation guidance. The role requires hands-on technical expertise, strong analytical skills, and the ability to translate complex security findings into practical fixes that developers can implement.
Responsibilities
We are seeking a skilled Application Security Specialist to join our Cybersecurity Practice. In this role, you will work closely with our application security, development, and QA teams to secure our clients’ applications across their entire lifecycle. You will conduct security testing, perform penetration tests, and assess vulnerabilities across web, mobile, API applications.
Your responsibilities will span application penetration testing, automated security scanning (SAST, DAST, SCA), threat modelling, secure code review, and developer enablement. You will embed security best practices throughout the software development lifecycle and ensure that applications are designed and built with robust security controls.
You will collaborate with development and DevOps teams to integrate security into CI/CD pipelines, triage and validate findings, and provide clear, actionable remediation guidance. The role requires hands-on technical expertise, strong analytical skills, and the ability to translate complex security findings into practical fixes that developers can implement.
Responsibilities
- Penetration Testing:Conduct penetration tests on web applications, mobile applications, APIs, and thick-client applications. Prepare detailed reports with clear risk ratings and actionable remediation recommendations.
- Security Scanning:Implement, tune, and manage automated security scanning tools (SAST, DAST, SCA) to continuously identify vulnerabilities in code, configurations, and third-party dependencies across all application types.
- Threat Modelling:Perform threat modelling to identify potential security risks and attack surfaces associated with applications early in the design process, and provide guidance on mitigating these risks.
- Secure Code Review:Review application source code for security vulnerabilities across multiple platforms and languages, and offer practical, developer-friendly recommendations for remediation.
- DevSecOps Integration:Integrate security testing and controls into CI/CD pipelines, enabling continuous and automated security validation as part of the development workflow.
- Training & Awareness:Develop and deliver secure coding training sessions and workshops to raise application security awareness among development teams and other stakeholders.
- Tool Evaluation:Assess and recommend tools and technologies to enhance application security testing and monitoring capabilities across various platforms.
- Documentation:Create and maintain comprehensive documentation related to security assessments, vulnerability management, and application security standards and policies.
- Education: Bachelor’s / college degree in Computer Science, Information Security, or a related field.
- Experience: At least 3 years of experience in application security, secure software development, penetration testing, or a closely related field.
- Certifications: Relevant professional certifications are highly desirable. These may include, but are not limited to:
- OffSec certifications (e.g., OSWA, OSWE)
- eLearnSecurity (e.g., eWPT, eWPTX)
- GIAC / SANS (e.g., SEC542, GWAPT)
- BCSP or other application security certifications.
- Technical Skills: Proficiency with security testing tools such as Burp Suite (required), and familiarity with Snyk, HCL AppScan, Fority, and Postman (preferred). Strong understanding of secure coding practices and hands-on experience with at least one programming language. Familiarity with DevSecOps practices and CI/CD pipelines is preferred.
- Knowledge: In-depth knowledge of application security principles and practices, with strong familiarity with security frameworks and guidelines (e.g., OWASP Top 10, ASVS, MASVS, WSTG, MSTG). Understanding of common vulnerability classes, exploitation techniques, and remediation strategies. Knowledge of Qatar National Information Assurance (NIA) is a plus.
Key Skills
Ranked by relevance
cicd
penetration testing
technical expertise
cybersecurity
burp suite
postman
devops
owasp
Related Jobs
3 roles aligned with this opportunity
View Job Details
Related
Engineer - Cloud Security Architect
2026-07-02
Full-time
Not Applicable
Qatar
IT Services
Information Technology
View Job Details
Related
Cloud Security Engineer
2026-07-01
Full-time
Mid-Senior
Qatar
IT Services
Information Technology
View Job Details
Related
Senior Consultant - Cybersecurity
2026-07-05
Full-time
Not Applicable
Qatar
IT Services
Information Technology
Login to Apply
- Posted
- Jul 05, 2026
- Type
- Full-time
- Level
- Not Applicable
- Location
- Doha
- Company
- malomatia
Industries
IT Services
IT Consulting
Categories
Information Technology
Related Jobs
3 roles aligned with this opportunity
View Job Details
Related
Engineer - Cloud Security Architect
2026-07-02
Full-time
Not Applicable
Qatar
IT Services
Information Technology
View Job Details
Related
Cloud Security Engineer
2026-07-01
Full-time
Mid-Senior
Qatar
IT Services
Information Technology
View Job Details
Related
Senior Consultant - Cybersecurity
2026-07-05
Full-time
Not Applicable
Qatar
IT Services
Information Technology