Manager Application Security

Majid Al Futtaim


Date: 2 weeks ago
City: Dubai
Contract type: Full time
JOB TITLE

Manager, Application Security | Majid Al Futtaim Global Solutions UAE

Role Summary

The Application Security Manager is an enterprise-wide role responsible for overseeing and executing the Vulnerability Management (VPAT) Program, Penetration Testing, Red Teaming, Application Security, and Develops initiatives. This role ensures that all technology environments including infrastructure, applications, cloud platforms, network systems, and security tools are continuously assessed for security vulnerabilities, threats, and risks.

ROLE PROFILE

Vulnerability Management (VPAT) Program Oversight

  • Lead and manage the enterprise-wide Vulnerability Management (VPAT) Program, ensuring all IT assets undergo continuous security assessments and timely remediation.
  • Ensure regular vulnerability scans across infrastructure, applications, cloud services, and third-party integrations using appropriate tools.
  • Establish risk-based prioritization of vulnerabilities based on exploitability, business impact, and compliance requirements.
  • Work with all stakeholders to track, mitigate, and ensure asset owner remediate vulnerabilities within defined SLAs.
  • Develop vulnerability tracking dashboards and reports to provide visibility into risk trends and remediation progress.

Penetration Testing & Red Teaming

  • Plan, coordinate, and execute penetration testing and red teaming exercises for internal and external-facing systems, applications, cloud platforms, and security tools.
  • Conduct offensive security assessments, simulating real-world attack scenarios based on MITRE ATT&CK, OWASP, and industry threat intelligence.
  • Test security effectiveness of SIEM, IAM, WAF, EDR, CASB, and DLP solutions to uncover security weaknesses.
  • Perform social engineering assessments (phishing campaigns, physical security tests, and employee security awareness evaluations).
  • Generate detailed reports and risk analysis outlining exploitation potential, business impact, and remediation recommendations.

Application Security & DevSecOp

  • Lead and manage the enterprise-wide Application Security & DevSecOp Program, ensuring all Application undergo continuous security assessments and timely remediation.
  • Work with all stakeholders specially business application team, managed service provider and software developers to track, mitigate, and ensure remediation of vulnerabilities within defined SLAs.
  • Embed security testing into CI/CD pipelines.
  • Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) on critical applications before deployment.
  • Ensure API security testing and protection mechanisms are in place for microservices, containerized workloads, and web applications.
  • Implement secure coding practices across development teams, conducting training and awareness programs.

Security Testing Governance & Compliance

  • Ensure all security testing and vulnerability management activities comply with ISO 27001, NIST, PCI DSS, CIS benchmarks, and approved MAF policies and standards.
  • Provide executive reporting on security testing results, identifying key risks and recommended mitigations for leadership.
  • Maintain audit-ready documentation of all security testing activities to support cybersecurity compliance function on internal and external compliance reviews.

Requirements

  • 5 – 7 years of experience in penetration testing, vulnerability management, and security assessments.
  • Experience with DevSecOps integration, embedding security testing into CI/CD pipelines.
  • Hands-on experience with security assessments in cloud, hybrid, and on-prem infrastructures.
  • Bachelor’s degree in Cybersecurity, Computer Science, or Engineering.
  • Relevant certifications in penetration testing, vulnerability assessment, and application security.
  • Preferred Qualifications
  • OSCP (Offensive Security Certified Professional)
  • OSCE (Offensive Security Certified Expert)
  • GPEN (GIAC Penetration Tester)
  • GWAPT (GIAC Web Application Penetration Tester)
  • CRTSA (CREST Registered Technical Security Architect)
  • GCSA (GIAC Cloud Security Automation)
  • Certified DevSecOps Professional (CDP)
  • AWS/Azure Cloud Security Certifications

How to apply

To apply for this job you need to authorize on our website. If you don't have an account yet, please register.

Post a resume

Similar jobs

Project Engineer (Plumbing)

Innovo Group, Dubai
12 hours ago
Role Purpose To manage and oversee all plumbing and drainage project activities, ensuring design compliance, proper installation, timely completion, and coordination with all relevant disciplines. The Plumbing Project Engineer ensures that projects are executed in accordance with approved drawings, specifications, UAE regulations, and company standards. Key Accountabilities Review and interpret plumbing design drawings, specifications, and project documents to ensure accuracy...

Senior Engineer - Planning - STP

AECOM, Dubai
16 hours ago
Company Description Work with Us. Change the World. At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world’s most complex challenges and build legacies for...

SkyCargo Courier Express - Contact Center Operations Officer

Emirates, Dubai
19 hours ago
Job PurposeDirect, monitor and control shift and daily operational productivity in order to maintain contact centre revenue targets and service and quality levels. Be first point of contact for agents and management for the shift and work closely with the contact centre team to ensure all targets are met and exceeded.Job OutlineProactively address shift and daily operational productivity to maintain...