Application Support Analyst

Job Title: Application Support AnalystLocation: QatarJob Type: Contract 12 monthsExperience: 10+ years

Job Objective

The Application Support Analyst – Information Security provides subject matter expertise in application security by developing, operating, and managing security frameworks that ensure secure application development and operations. This role plays a pivotal part in reducing the organization’s threat footprint and enhancing the security posture across the software development lifecycle.

Key Responsibilities

• Establish and manage application security processes across all phases of the software development lifecycle (SDLC), including secure coding, assessment automation, and testing protocols.
• Conduct manual and automated application security assessments (DAST, SAST, RAST), penetration testing, and source code reviews. Track and ensure timely remediation of identified vulnerabilities.
• Coordinate and scope third-party penetration testing and configuration reviews to ensure compliance and security assurance.
• Integrate threat modeling, security assessments, and testing tools into DevOps pipelines, development environments, and QA processes.
• Recommend and continuously improve secure reference architecture, policies, and procedures.
• Conduct training and awareness programs on secure coding and SDLC practices for internal stakeholders.
• Ensure alignment with data protection, privacy regulations, and organizational policies.
• Enhance existing cloud security models, ensuring compliance with industry standards and best practices.
• Define high-level requirements to ensure confidentiality, integrity, and availability of organizational data and systems.
• Develop and maintain operational KPIs, dashboards, and reports to provide visibility into application security status and trends.
• Manage compliance activities, audit responses, and closure of findings related to application security.
• Perform risk assessments on critical applications to identify threats and recommend mitigating controls.
• Support SAP application security design, deployment, and operations ensuring adherence to best practices.
• Perform other duties or special projects as assigned by management.
  
  

Minimum Qualifications

• Bachelor’s degree in Computer Science, Computer Engineering, Electronics Engineering, or a related field.
  
  

Minimum Experience

Oil and Gas Experience is Mandatory

• 10+ years of progressive experience in IT, with a minimum of:
• 7 years in ICT information/application security at an enterprise level.
• 3 years in a dedicated application security role with similar team dynamics and project complexity.
  

Certifications (Preferred)

• CSSLP (Certified Secure Software Lifecycle Professional)
• GWAPT (GIAC Web Application Penetration Tester)
• OSCP (Offensive Security Certified Professional)
• Other equivalent certifications in cybersecurity and application security.
  
  

Key Skills & Competencies

• Strong expertise in secure SDLC, secure coding practices, DevSecOps, and automation tools.
• Demonstrated experience in conducting security assessments, penetration tests, and configuration reviews.
• In-depth knowledge of cryptography, web/mobile application frameworks, and service-oriented or serverless architectures.
• Experience with SAP security architecture, cloud application security, and compliance requirements.
• Excellent understanding of security governance, policies, risk analysis, and frameworks.
• Strong communication, stakeholder management, and analytical problem-solving skills.
• Familiarity with industry standards such as NIST, OWASP, ISO 27001, and regulatory frameworks.
• Project management knowledge and experience with cross-functional coordination.
  
  

Skills: architecture,automation tools,secure coding practices,application,security assessments,compliance requirements,penetration testing,analytical problem-solving,project management,configuration reviews,risk analysis,mobile application frameworks,secure sdlc,service-oriented architecture,compliance,web application frameworks,management,application security,cryptography,security governance,reviews,security,software,automation,stakeholder management,cloud,devsecops,serverless architecture,testing,cloud application security