InfoSec Engineer

Dubai, Dubai, United Arab Emirates

Full Time Senior-level / Expert USD 37K - 87K * ^est.

Bayut | dubizzle

View all jobs at Bayut | dubizzle

Apply now Apply later

Posted 3 weeks ago

Bayut & dubizzle have the unique distinction of being iconic, homegrown brands with a strong presence across the seven emirates in the UAE. Connecting millions of users across the country, we are committed to delivering the best online search experience.

As part of Dubizzle Group, we are alongside some of the strongest classified brands in the market. With a collective strength of 6 brands, we have more than 123 million monthly users that trust in our dedication to providing them with the best platform for their needs.

As an InfoSec Engineer, you will work closely with the Head of Group IT and with the other relevant stakeholders from the IT and development teams to ensure that security is a core component of our systems and practices. You will be responsible for helping define, implement, and audit the effectiveness of our security controls and providing actionable recommendations to mitigate risks across a broad range of applications and services.

In this role, you will:

Collaborate with internal teams to implement security controls, address vulnerabilities and improve security practices in the relevant platforms & services.
Conduct penetration testing on web applications, mobile applications, APIs, networks, and systems and coordinate the pen-testing projects executed by external partners;
Ensure identified vulnerabilities, threats and risks are captured and processed in line with our risk management policy and procedure;
Take part in security incident resolution and contribute to the development, maintenance and assessment of the Incident Response Plan’s effectiveness;
Monitor the internal alerting systems and drive the events to closure;
Participate in regular internal and external audits (including periodic user access reviews) on critical systems and ensure audit findings are remediated in the agreed timeframe;
Reduce the information security knowledge gap within the technical teams by contributing to the creation of educational materials and awareness campaigns.
Implement and regularly review the internal security policies and controls across all business-critical services.

Requirements

Bachelor's degree in Computer Science, Information Security, or a related field
3-5 years of experience in information security or a related role;

Proven experience as a Security Analyst, Security Engineer, Penetration Tester or similar role;
Experience with the current Security frameworks such as ISO 27001, NIST and Data Protection.
Good understanding of how to secure corporate environments and business applications;
Solid understanding of hosting platforms, public cloud services and enterprise networking;
Technical understanding of backend engineering architectures;
Familiarity with secure coding practices and vulnerability management frameworks (OWASP);
Strong knowledge of secure identity and access management practices;
Strong knowledge of security technologies, including firewalls, IDS/IPS, and open-source vulnerability scanning tools;
Proficiency in programming languages commonly used in security, such as Python or C++;
Familiarity with network protocols and encryption algorithms;
Understanding of regulatory frameworks and compliance standards (e.g., PCI DSS, GDPR).
Able to define and select solutions for the cybersecurity space and monitor their effectiveness;
Good communication skills, both written and verbal, with the ability to drive alignment with technical and business stakeholders;
Continuous learning mindset to stay on top of emerging threats and technologies, with a willingness to apply processes unique to the challenges at Dubizzle Group;
Disciplined and logical thinker with the ability to draw conclusions from large data sets;