Job Description
Accountable for the overall implementation of the Application Security development Process,Collaborate with business teams, developers, and testers to define and implement holistic security assurance processes,Security Test, build & execution, defect identification, and reporting in a regulated environment, including security code review and scanning,Develop high-quality automated tests to support development,Ensure the DevOps pipeline supports the implementation of secure development/operation practices,Review and consult on security risks of Mobile, Web, and Cloud applications,Provide executive summary reports of assurance metrics to security governance team with a comprehensive inventory of the attack surface, the state of testing and defensive coverage of surfaces, and real-time accounting of open risks within each applicati,Create a center of expertise and library learning center for common application security design and reuse,Participate in the definition and documentation of OJ security standards and best practices,Analyzing source code, both with manual and automated tools for security related weaknesses and common problems,Performing manual and automated analysis on applications using open source and custom tools (preferably Secure Code),Proactively testing using a mix of static and dynamic application security tests (SAST and DAST),Coach with development teams to ensure risk is understood as well as to track and validate all remediation tasks,Identifies, prioritises and develops reusable security services to be provided to development teams,Incorporates security vulnerabilities and advisories related to 3rd party libraries and software into the development lifecycle; recommends and prioritises incorporation of software patches into the development and operations backlog,Recommends and assists with incorporating any security tests into proactive security monitoring for production systems

Job Requirements
Bachelor degree in Computer Science, Software Engineering, Information Systems, or an equivalent technical degree,Minimum of,Experience with implementing and integrating automated security tests with CI/CD tools such as Jenkins,Demonstrate problem solving, analytical skills and technical troubleshooting skills,Familiarity with OWASP ZAP or other testing tools,Demonstrate professional experience with Agile methodologies (Scrum, Canban) and secure software development,Experience with Relational databases such as Microsoft SQL and MySQL,Experience with Threat Modeling,Demonstrate,Demonstrate knowledge of secure build and configuration standards in a highly regulated environment,Developer Certifications (examples include SCWCD, SCJP, SCJD, SCJA, MCSD, etc.),Familiarity with industry changes in security standards, information governance, development standards, methods and emerging 3rd party security software in order to advise on security and leverage industry best practice in the design and construction of,Experience in conducting code reviews, black/white box testing and application threat modeling,CISM, CISSP, OSCP, CEH preferred,Strong commitment to working as a team,Proven ability to write clear and concise documentation

Special video required about the following:
No special requirements

Job Title
DevSecOps (Expert)
Job Type
Full Time
Job Location
Abdali Boulevard, Amman, Jordan
Career Level
Mid level
Experience Required
5-7 years
Computer Science, information systems, Software Engineering
Required Skills
- Recognizes the need to incorporate security from the beginning of the development lifecycle., - Ability to recognize and balance the concerns of security and business stakeholders., - Appreciation of the business goals of DevSecOps and Agile techniques and the need to drive continuous improvement and automation at every opportunity, - Can identify real vs theoretical risks and can frame security risks and likelihood of exploits in clear business terms., - Able to monitor and track delivery and key performance indicators