Manager Application Security

Majid Al Futtaim


Date: 7 hours ago
City: Dubai
Contract type: Full time
JOB TITLE

Manager, Application Security | Majid Al Futtaim Global Solutions UAE

Role Summary

The Application Security Manager is an enterprise-wide role responsible for overseeing and executing the Vulnerability Management (VPAT) Program, Penetration Testing, Red Teaming, Application Security, and Develops initiatives. This role ensures that all technology environments including infrastructure, applications, cloud platforms, network systems, and security tools are continuously assessed for security vulnerabilities, threats, and risks.

ROLE PROFILE

Vulnerability Management (VPAT) Program Oversight

  • Lead and manage the enterprise-wide Vulnerability Management (VPAT) Program, ensuring all IT assets undergo continuous security assessments and timely remediation.
  • Ensure regular vulnerability scans across infrastructure, applications, cloud services, and third-party integrations using appropriate tools.
  • Establish risk-based prioritization of vulnerabilities based on exploitability, business impact, and compliance requirements.
  • Work with all stakeholders to track, mitigate, and ensure asset owner remediate vulnerabilities within defined SLAs.
  • Develop vulnerability tracking dashboards and reports to provide visibility into risk trends and remediation progress.

Penetration Testing & Red Teaming

  • Plan, coordinate, and execute penetration testing and red teaming exercises for internal and external-facing systems, applications, cloud platforms, and security tools.
  • Conduct offensive security assessments, simulating real-world attack scenarios based on MITRE ATT&CK, OWASP, and industry threat intelligence.
  • Test security effectiveness of SIEM, IAM, WAF, EDR, CASB, and DLP solutions to uncover security weaknesses.
  • Perform social engineering assessments (phishing campaigns, physical security tests, and employee security awareness evaluations).
  • Generate detailed reports and risk analysis outlining exploitation potential, business impact, and remediation recommendations.

Application Security & DevSecOp

  • Lead and manage the enterprise-wide Application Security & DevSecOp Program, ensuring all Application undergo continuous security assessments and timely remediation.
  • Work with all stakeholders specially business application team, managed service provider and software developers to track, mitigate, and ensure remediation of vulnerabilities within defined SLAs.
  • Embed security testing into CI/CD pipelines.
  • Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) on critical applications before deployment.
  • Ensure API security testing and protection mechanisms are in place for microservices, containerized workloads, and web applications.
  • Implement secure coding practices across development teams, conducting training and awareness programs.

Security Testing Governance & Compliance

  • Ensure all security testing and vulnerability management activities comply with ISO 27001, NIST, PCI DSS, CIS benchmarks, and approved MAF policies and standards.
  • Provide executive reporting on security testing results, identifying key risks and recommended mitigations for leadership.
  • Maintain audit-ready documentation of all security testing activities to support cybersecurity compliance function on internal and external compliance reviews.

Requirements

  • 5 – 7 years of experience in penetration testing, vulnerability management, and security assessments.
  • Experience with DevSecOps integration, embedding security testing into CI/CD pipelines.
  • Hands-on experience with security assessments in cloud, hybrid, and on-prem infrastructures.
  • Bachelor’s degree in Cybersecurity, Computer Science, or Engineering.
  • Relevant certifications in penetration testing, vulnerability assessment, and application security.
  • Preferred Qualifications
  • OSCP (Offensive Security Certified Professional)
  • OSCE (Offensive Security Certified Expert)
  • GPEN (GIAC Penetration Tester)
  • GWAPT (GIAC Web Application Penetration Tester)
  • CRTSA (CREST Registered Technical Security Architect)
  • GCSA (GIAC Cloud Security Automation)
  • Certified DevSecOps Professional (CDP)
  • AWS/Azure Cloud Security Certifications

How to apply

To apply for this job you need to authorize on our website. If you don't have an account yet, please register.

Post a resume

Similar jobs

Lobby Waitress

Accor, Dubai
2 hours ago
Company DescriptionEvery Sofitel team member is an Ambassador. An Ambassador represents Sofitel’s brand and its values, at all times. The Sofitel Ambassador will establish relationships and foremost, the Sofitel Ambassador will deliver an exceptional guest experience and promote French excellence.Job DescriptionWe are seeking a friendly and customer-focused Lobby Waitress to join our team in Dubai, United Arab Emirates. As a...

School Principal

Arab Unity School United Arab Emirates, Dubai
5 hours ago
Arab Unity School United Arab Emirates Salary: Competitive Tax-free Salary Job type: Full Time, Permanent Start date: 5th January 2026 (negotiable) Apply by: 29 October 2025 Job overview ARAB UNITY SCHOOL Dubai, United Arab Emirates If you have a proven track record in the leadership of an international UK Curriculum school, we would welcome your application for this important and...

Driver, Logistics

Atlantis The Palm, Dubai
5 hours ago
Driver, Logistics (17579) At Atlantis, we exist to bring the extraordinary to every holiday and experience through connection, empowerment, precision, care and warmth. Inspired by the majesty and mystery of the ocean, Atlantis resorts are unique destinations full of life, wonder and surprise, where we seek to exceed our guests’ expectations at every possible turn. Nestled between the calm turquoise...