Cybersecurity Engineer - Application Security

Job Description

Cybersecurity Engineer – Application Security role is responsible to maintain information security management within the SJC IT applications (Business and Operations) and continue security controls to maintain adequate cyber security posture within the environment and support manage SJC IT Information Security Lead.

Responsibilities

Key Roles & Responsibilities

Information Security Governance

• Working with application development and maintenance teams to ensure that the application security coverage from the requirement gathering level, SDLC, application implementation and after implementation.
• Coordinate with vendors and conduct vulnerability assessments and penetration testing for applications (web, on premises, mobile, public facing)
• Conduct security static and dynamic testing through the provided tools – before go live (new or changes)
• Coordinate with Cybersecurity Engineer – governance and risk management to maintain application security management policies/ procedures and risk management.
• Assist to develop, implement, and manage the overall application enterprise process for information security and associated architecture standards such as ISO 27001, NIA, cyber security law, privacy management law and Qatar 2022 cyber security requirement.
• Evaluate suspected security breaches and recommend corrective actions (including incidents involving outside vendors).
• Follow cyber security incident management and incident response plan
• Serve as the part of the security incident response planning and execution
• Assist Risk Management, Internal Audit and IT department in the development of appropriate criteria needed to assess the level of new/existing applications and / or technology infrastructure elements for compliance with enterprise security standards.
• Assist in the review of application and/or technology environments during the development or acquisition process to (a) assure compliance with corporate security policies and directions and (b) assist in the overall integration process regarding SJC IT’s own technology environment.
• Application layer continuity management during the crisis situations
• Evaluate information security KPIs based on the Information Security/privacy Objectives and reviewing those KPIs based on the security objective’s changes
• maintenance of Application layer to support the organization’s information security/privacy policies and procedures and ensure timely updating thereof in light of changing circumstances/ best practices/ regulatory directives.
• Work with IT Security lead to coordinate with MOI security shield and maintain the NCSOC onboarding and continuity of connectivity
• Work with IT Security lead to coordinate with MPTO team and maintain Qatar 2022 implementations based on the agreed roadmap
• Provide daily, weekly and monthly reports to Information Security Lead related environment application level changes, incidents, problems, service operation and critical area.
  
  

Mandatory actions

• IT Security Team Meeting – Monthly Basis
• Risk register validation – monthly basis (until IT environment in stable state)
• Information Security KPI validation – Monthly, Quarterly (reporting), Bi-annual and annual
• Compliance management – NIA, Qatar 2022, NCSOC, Q-cert, ISO 27001:2013, Cyber Crime Law, Privacy Law and other applicable laws and regulations to SJC IT.
  
  

Qualifications

• Skills, Knowledge and Expected Behaviors against Values
  
  

Competencies

Technical Competencies: ORGANIZATION Values:

• Deep understanding and management experience of Information Security standards, processes and risk management.
• Knowledge of Department Priorities, Products, and the strategy
• knowledge information security landscape
• Maintain ISO27001:2013 certificate and other compliance requirements
• Application security knowledge
• Static and dynamic testing
• OWAPS
• Web application security
• .Net and Oracle environments
• Information security KPI validation
• Benchmarking
• Risk Management
• Maintaining Information Security Management Policies and procedure
• Knowledge of government and regulatory requirements
• Experience with Security Operations Center (SOC)
• Experience in current Security tools and solutions
• Personal information privacy management
• Act as One
• Over deliver on our promises
• Share what matters
• Always Challenge Assumptions
• Be pioneering
• Key Business Interactions
  
  

Internal External

• SJC IT Information Security Lead
• IT Department team and heads
• IT Security Team
• Internal Auditors
• Vendors
• External Auditors
• Regulatory
• Qualifications & Experience
  
  

Required Qualifications

• University Degree in Information Technology with Msc. in Information Security/ Cyber security from a recognized university is a plus.
• Certifications in Information security such as CISM, CISA, CRISC, CISSP, CBCP, GIAC, ISO27001LA
• Offensive security certifications CEH and CHFI is a plus
  
  

Preferred Experience

• Minimum 3 years of experience of which a minimum of 2 years should be in a similar position / responsibility.
  
  

About Malomatia

ABOUT US

malomatia is a leading Qatar-based IT services and solutions provider, bringing together top Qatari and international talent to deliver innovative, end-to-end technology solutions that empower clients to achieve their strategic goals.

Our mission

Empowering Qatar’s businesses and governments to leap into the digital future with agile, knowledge-driven solutions.

Our vision

To become Qatar’s trusted knowledge partner in digital transformation, disrupting industries, shaping the future, and building a world-class tech ecosystem.

Driving change that makes a real impact

Since 2008, malomatia has been driving Qatar’s digital transformation through innovative, ISO-certified IT solutions. With expertise across key public and private sectors, we empower the nation’s vision with advanced services in cloud, cybersecurity, AI, and contact center excellence, elevating the role of technology in shaping Qatar’s sustainable future.

About The Team

Established in 2008, malomatia is a Qatari leader in IT services and digital transformation. We serve key sectors including Government, Healthcare, Education, Customs, and Transportation, delivering impactful solutions that support national development goals. Powered by a diverse team of skilled Qatari and international IT professionals, we deliver innovative, high-value digital solutions tailored to the unique needs of our clients.

Our mission is to inspire customers to thrive through digital excellence, and we envision becoming the trusted partner of choice in building a smarter society through technology and talent. We are driven by core values that define our culture and approach: ownership, integrity, empathy, teamwork, transparency, agility, excellence, trust, and innovation.

Join us in shaping the future of technology in Qatar