Application Security Engineer

Requirements:

• Bachelor's degree in Computer Science, Information Technology, or a related field.
• 6+ years of relevant experience in source code reviews and cybersecurity risk assessments, preferably in enterprise environments.
• Strong hands-on experience in programming languages such as Python, Java, C++, C#, and Swift.
• In-depth knowledge of secure development methodologies, security principles, and common coding flaws.
• Proficiency in using Veracode, Checkmarx, and Fortify for source code analysis.
• Familiarity with tools such as Metasploit, Burp Suite, Nmap, and Wireshark.
• Proficiency in scripting languages including Python, PowerShell, and Bash.
• Solid understanding of network protocols, security architecture, and standard cybersecurity concepts.
• Possession of one or more of the following (or equivalent) certifications: Certified Secure Software Lifecycle Professional (CSSLP), Certified Application Security Engineer (CASE), or Offensive Security Certified Expert (OSCE).
• Excellent verbal and written communication skills, with the ability to articulate technical issues to both technical and non-technical stakeholders.
• Strong skills in documentation and reporting using Microsoft Word, Excel, and PowerPoint.
• High level of integrity, professional ethics, and a commitment to confidentiality.
• Must possess a valid security clearance as required by the Ministry of Interior (MOI).
• Must not have any criminal record or adverse legal history.

Responsibilities:

• Conduct comprehensive Source Code Reviews (SCR) to identify and analyze security vulnerabilities, including but not limited to SQL Injection, Cross-Site Scripting (XSS), buffer overflows, and other issues highlighted in the OWASP Top 10.
• Analyze source code written in programming languages relevant to Alinma Banks systems, such as Python, Java, C++, C#, and Swift.
• Utilize industry-standard static and dynamic code analysis tools, including Veracode, Checkmarx, and Fortify, to enhance manual assessments and ensure thorough vulnerability detection.
• Prepare and deliver detailed, actionable reports outlining identified vulnerabilities, their potential business impact, and recommended remediation strategies.
• Collaborate closely with development and operations teams to ensure the resolution, validation, and verification of reported vulnerabilities.
• Maintain the highest standards of confidentiality and integrity in handling assessment findings, in accordance with ethical guidelines and legal obligations.