Application Security Engineer

Dubizzle Group is a multinational operation built on people that are plugged in, hungry for innovation, and live outside the box. We own and operate 5 bespoke leading brands in emerging markets, across 10 countries globally.

At Dubizzle Group, we constantly aim to disrupt traditional processes by introducing solutions that make property and classifieds search faster, easier, and simpler. Our competitive advantage comes from the tremendous value we add to the businesses that work with us, and the significant ease we provide to end users. We aim to use digital tools to conquer emerging markets, one portal at a time!

As an Application Security Engineer, you will work closely with the Head of Group IT and with the other relevant stakeholders from the IT and development teams to ensure that security is a core component of our systems and practices. You will be responsible for helping define, implement, and audit the effectiveness of our security controls and providing actionable recommendations to mitigate risks across a broad range of applications and services.

In this role you will:

• Collaborate with internal teams to implement security controls, address vulnerabilities and improvesecurity practices in the relevant platforms & services.
• Conduct penetration testing on web applications, mobile applications, APIs, networks, and system and coordinate the pen-testing projects executed by external partners.
• Ensure identified vulnerabilities, threats and risks are captured and processed in line with our risk management policy and procedure.
• Take part in security incident resolution and contribute to the development, maintenance and assessment of the Incident Response Plan’s effectiveness.
• Monitor the internal alerting systems and drive the events to closure.
• Participate in regular internal and external audits (including periodic user access reviews) on critical systems and ensure audit findings are remediated in the agreed timeframe.
• Reduce the information security knowledge gap within the technical teams by contributing to the creation of educational materials and awareness campaigns.
• Implement and regularly review the internal security policies and controls across all business-critical services.