Technical Lead - Application Security
CENSUS SA
- Abu Dhabi
- Permanent
- Full-time
- Creating, reviewing, and expanding security architectures and designs that align with the product's security requirements.
- Assisting in the collection, technical translation, and fine-tuning of security requirements.
- Driving, supporting, and reviewing threat modelling, attack surface enumeration and attack tree creation activities across a range of application software domains (cloud, mobile, web, robotics, autonomous, and other special software).
- Researching, reviewing, comparing, and proposing technologies that satisfy the client's established requirements and align with their strategies.
- Reviewing product security designs, documenting missing security controls, and driving analysis for security improvements.
- Planning, executing, and supervising end-to-end security posture assessments via source code auditing, functional testing, fuzz testing and other applicable methodologies.
- Verifying that the output implementation is aligned with the product's security architecture, requirements, and threat model.
- Documenting and presenting product security risks in both technical and business-oriented language.
- Managing a team of security engineers and consultants to successfully assess and research bleeding-edge technologies and products.
- MSc or BSc in Electrical Engineering, Computer Science, Computer Engineering, Electronics Engineering, or equivalent practical experience.
- 8+ years of experience in an application security-related role. Experience can be an engineering / development position (e.g., consumer or enterprise), an assessment / consultancy role, an equivalent role in other engineering organizations, or a combination of them.
- Proven experience of 2+ years in a leading application security architecture role.
- Proficiency in English and excellent communication skills.
- In-depth exposure to security concepts, cryptography, and protocols across various Application types (cloud, web, mobile, IoT / Embedded, etc.).
- Extensive, leading-role experience in producing & reviewing application security architecture.
- Experience with Mobile (iOS & Android), Cloud (GCP, AWS, Azure, etc.) and Web (Frontend & Backend) platforms.
- Experience in reading & comprehending source code, discerning business logic pitfalls, and identifying security flaws in at least one of the following groups of languages:
  - Native Applications & Libraries written in C++/C.
  - Mobile-relevant, such as Swift, Obj-C, Kotlin, Java, Dart, and JavaScript.
  - Web- and Cloud-relevant, such as Java, Ruby, Rust, Go, Python, PHP, C#, Lua, and JavaScript.
- Experience with application authentication, authorization, identity, and access management methods, such as OAuth, SSO, JWT, PKI / Certificates, Cloud IAM, and Password-less authentication.
- Experience with application security features and key management systems backed by secure hardware, such as Mobile Biometric authentication, Keystore / Keychain, TPM / vTPM, HSM and SE.
- Experience with applied cryptography and cryptographic protocols, such as E2E protection, authenticated encryption, mTLS, Key Exchange / Agreement, Asymmetric PAKE, OTR, Double Ratchet, Olm/Megolm and SFrame.
- Excellent leadership, ownership, and problem-solving skills, and willingness to learn/grow.
- Familiarity with debugging, instrumenting, and profiling applications & application runtimes / middleware.
- Familiarity with confidential computing, virtualization, enclaves, containers, and attestation technologies.
- Familiarity with application reverse engineering and fuzz testing methods.
- Experience in working with international teams located in other regions and time zones worldwide.