Sr. DevSecOps Engineer

Dubai, UAE

Our client is currently recruiting for a Senior DevSecOps Engineer. We are seeking individuals with a diverse skill set to join their dynamic team operating within a DevSecOps environment. The ideal candidate will need to be familiar with the DevSecOps environment. You will play a crucial role in ensuring the security of various aspects of our systems and applications.

 

RESPONSIBILITIES:

 

Web Application Security:

Demonstrate a profound understanding and practical experience with OWASP top 10 and SANS 25, showcasing proficiency in identifying and exploiting vulnerabilities.

Evaluate CVSS scores and CVEs effectively, with a knack for exploiting CVE vulnerabilities.

Expertise in identifying and circumventing business logic vulnerabilities, including payment gateway tampering.

Capable of testing Thick Client versions of web applications.

Perform thorough security reviews of code for web-based applications, emphasizing secure coding practices.

Conduct API Security Assessments to detect and address potential vulnerabilities.

 

Mobile Application Security:

Possess experience in exploiting OWASP top 10 and SANS 25 vulnerabilities within mobile applications.

Proficient in bypassing complex SSL Pinning mechanisms in mobile applications.

Skilled in analyzing APK and IPA files, including decompiling and recompiling.

Conduct meticulous reviews of manifest and plist files.

Perform security code reviews for mobile applications, focusing on business logic scenarios.

 

Source Code Review:

Conduct comprehensive manual and automated code reviews across various languages including Java, ReactJS, Node, ASP, C#, Python, and Ruby.

Identify critical vulnerabilities in web and mobile applications, aligning with OWASP top 10 and SANS 25 secure coding standards.

Provide actionable code-level mitigations for identified vulnerabilities.

Possess solid knowledge of reviewing open-source packages and third-party libraries used in code.

Prepare detailed root cause analysis reports for vulnerabilities and exploit scenarios.

 

Infrastructure Security:

Execute Vulnerability Assessment and Penetration Testing utilizing tools such as nmap and Nessus.

Perform configuration reviews based on NIST/CIS benchmarks to ensure compliance.

Implement server hardening measures to bolster security posture.

 

DevSecOps:

- Demonstrate proficiency in microservice architecture.

- Expertise in Security Assessment for Kubernetes, OpenShift, and PaaS environments.

- Conduct security code reviews for languages like Groovy, Ansible, Terraform, etc.

- Perform security assessments of Containers.

- Conduct configuration assessments of all cloud components including cognitive services, EC2, EKS, IAM, etc.