The Application Security Engineer/Consultant will play a critical role in ensuring the security of our application software, architectures, and designs by identifying vulnerabilities, implementing robust security controls, and ensuring compliance with regulatory requirements. This role requires a deep understanding of application security, threat modeling, secure coding practices, and incident response. Additionally, this role will encompass IT Governance responsibilities to ensure compliance with security policies and regulatory requirements.

RESPONSIBILITIES

  • Conduct comprehensive security assessments of application software, architectures, and designs to identify vulnerabilities, weaknesses and security gaps.
  • Design and implement security controls, mechanisms, and countermeasures to mitigate identified risks and threats, including input validation, authentication, authorization, encryption and logging.
  • Perform code reviews, static and dynamic analysis and security testing (e.g., penetration testing, fuzz testing) to identify and remediate security vulnerabilities in application code and configurations.
  • Ensure compliance with relevant regulatory requirements, industry standards and best practices for application security, data privacy and information security management (e.g., GDPR, PCI DSS, HIPAA).
  • Develop and maintain security policies, procedures and documentation to demonstrate compliance with legal and regulatory mandates and facilitate security audits and assessments.
  • Coordinate and support internal and external audits, assessments, and certifications related to application security and compliance, including preparation, response and remediation efforts.
  • Monitor application security events, alerts and logs for signs of unauthorized access, suspicious activities or security breaches.
  • Develop and implement incident response plans, procedures and playbooks to facilitate timely detection, containment and resolution of security incidents and breaches.
  • Establish and maintain security governance frameworks, standards and metrics to measure, monitor and report on the effectiveness of application security controls and compliance efforts.

Skills

  • Proven experience in threat analysis, vulnerability assessment, and secure development.
  • Minimum 5 years of experience in application security roles, with a focus on designing, implementing, and managing security controls for web applications, mobile apps and cloud-based services.
  • Proficiency in application security assessment tools and techniques, including static and dynamic analysis, vulnerability scanning and penetration testing tools.
  • Strong understanding of secure coding practices, web application frameworks (e.g., Angular, React, Node.js) and programming languages (e.g., Java, Python, JavaScript).
  • Familiarity with security standards and frameworks as well as relevant regulatory requirements (e.g., GDPR, PCI DSS, HIPAA, ISO/IEC 27001).
  • Excellent analytical and problem-solving skills, with the ability to assess complex application security risks, identify root causes and recommend effective mitigation strategies.
  • Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and articulate technical concepts to non-technical stakeholders.
  • Must hold a valid Certified Secure Software Lifecycle Professional (CSSLP) certification.

Job Details

Total Positions: 1 Post
Job Shift: First Shift (Day)
Job Type:
Department: Deployment & Configuration
Job Location:
Gender: No Preference
Age: 18 - 50 Years
Minimum Education: Bachelors
Degree Title: Bachelor’s (4 Years) or Master’s degree in Computer Science, Information Security, or a related field.
Career Level: Experienced Professional
Minimum Experience: 5 Years (Minimum 5 years of experience in application security roles, with a focus on designing, implementing, and managing security controls for web applications, mobile apps and cloud-based services)
Apply Before: Jun 26, 2024
Posting Date: Jun 04, 2024

Pakistan Revenue Automation (Pvt) Ltd

Information Technology · 1001-1500 employees - Islamabad

Pakistan Revenue Automation (Pvt.) Ltd. (acronym – PRAL) has extensive experience working with federal and provincial tax and revenue agencies to provide a wide variety of tax and revenue collection solutions. Since its incorporation in June 1994, PRAL has been involved in the development of a wide array of tax and revenue related solutions pertaining to Income Tax, General Sales Tax, Federal Excise, Customs, Capital Value Tax, Provincial Sales Tax & Services, etc. Over more than two decades of service, PRAL has gained valuable experience in increasing the efficiency and efficacy of tax and revenue agencies through the use of the latest Information and Communication Technologies with Business Process Improvement / Re-engineering. PRAL has also proven its expertise in the areas of software development, project management, technical advisory and consulting services, managing data centers, large database management, network administration, software implementations, training and data entry services. This wide spectrum of services offered by PRAL facilitates our valued customers looking for One-Stop Shop solutions from conceptualization to post-implementation operations. The essence of PRAL’s business strategy is to develop sustainable partnerships with its customers, thus acting as a catalyst in transforming and adapting its IT solutions and integrating these with the “New Wave of Technological Innovations” to meet the global requirements of tax and revenue agencies.
