Digital Security Engineer

Job Purpose:

The Digital Security Engineer embeds security controls throughout the software development and deployment lifecycle, ensuring banking systems remain secure, compliant, and resilient. He/She implements automated security scanning, builds and maintains DevSecOps pipelines, and performs application security testing across internal and third-party platforms. The Digital Security Engineer collaborates with development teams to remediate vulnerabilities, supports secure integration with external partners, and ensures compliance with CBO regulations and internal cybersecurity frameworks.

Key Accountabilities:

• Designs and implements CI/CD security pipelines in GitLab with automated security gates.
• Configures and maintains security scanning tools including SonarQube, Snyk, and Burp Suite.
• Performs application security testing on web and mobile applications (React Native, Flutter).
• Conducts API security assessments for internal systems and partner integrations.
• Reviews source code in JavaScript, TypeScript, Dart, and to identify vulnerabilities.
• Performs penetration testing on digital banking applications and services.
• Assesses mobile app security for iOS and Android, including reverse engineering and threat analysis.
• Implements and manage secrets and key management using OCI Vault.
• Configures Web Application Firewall (WAF) rules and policies in Oracle Cloud Infrastructure (OCI).
• Ensures compliance with CBO cybersecurity regulations, PCI-DSS standards, and internal ISMS policies.
• Conducts third-party security assessments for partner integrations and platforms.
• Manages software license compliance and audits usage of open-source and commercial components.
• Reviews and approves third-party libraries to ensure proper licensing and usage.
• Guides developers in selecting properly licensed components or suggests compliant alternatives.
• Manages the vulnerability disclosure lifecycle and coordinates remediation workflows.
• Trains developers on secure coding practices aligned with OWASP Top 10 and industry standards.
• Responds to application-layer security incidents and forensic investigations.
• Uses AI tools to analyze vulnerabilities and generate automated remediation guidance.

Key Skills & Competencies:

• Strong proficiency in React Native and Flutter security assessments
• Advanced capability in software license compliance and audit processes
• Good in open-source license management (MIT, Apache, GPL, etc.).
• Hands on PCI-DSS compliance implementation
• Excellent in securing Oracle Cloud Infrastructure (OCI) environments
• Good skills in IBM API Connect security configurations
• Good Temenos platform application security skills.
• Profeicent in RASP technologies
• Good skills in threat modeling using STRIDE and PASTA frameworks
• Hands-on skill in binary analysis and reverse engineering techniques
• Good in container security scanning and compliance skills.
• SIEM tools (Splunk, ELK)
• Excellent analytical and problem-solving skills
• Strong interpersonal communication skills preferably in Arabic and English

Qualifications and Experience:

• Bachelor's degree in Cybersecurity, Computer Science, or related field
• A professional certification in one of the cybersecurity or information security domains (e.g., CISSP, CEH, OSCP, GWAPT, GIAC, etc.)
• Minimum of 5 years in application security, DevSecOps, or security engineering.
• Proven track record of executing similar accountabilities in Banking, fintech, or a regulated industry.
• Vast experience in web and mobile application security testing.
• Familiarity with JavaScript/TypeScript OR Dart preferred.
• Strong understanding of secure coding practices and OWASP Top 10.
• Hands on experience in implementing security in CI/CD pipelines.
• Clear understanding of CBO cybersecurity regulatory requirements.