Job summary
Conduct comprehensive Source Code Reviews (SCR) to identify and analyze security vulnerabilities, including but not limited to SQL Injection, Cross-Site Scripting (XSS), buffer overflows, and other issues highlighted in the OWASP Top 10. Analyze source code written in programming languages relevant to Alinma Banks systems, such as Python, Java, C++, C#, and Swift. Utilize industry-standard static and dynamic code analysis tools, including Veracode, Checkmarx, and Fortify, to enhance manual assessments and ensure thorough vulnerability detection. Prepare and deliver detailed, actionable reports outlining identified vulnerabilities, their potential business impact, and recommended remediation strategies. Collaborate closely with development and operations teams to ensure the resolution, validation, and verification of reported vulnerabilities. Maintain the highest standards of confidentiality and integrity in handling assessment findings, in accordance with ethical guidelines and legal obligations.
Qualifications
- Bachelor's degree in Computer Science, Information Technology, or a related field.
- 6+ years of relevant experience in source code reviews and cybersecurity risk assessments, preferably in enterprise environments.
Responsibilities
- Conduct comprehensive Source Code Reviews (SCR) to identify and analyze security vulnerabilities, including but not limited to SQL Injection, Cross-Site Scripting (XSS), buffer overflows, and other issues highlighted in the OWASP Top 10.
- Analyze source code written in programming languages relevant to Alinma Banks systems, such as Python, Java, C++, C#, and Swift.
- Utilize industry-standard static and dynamic code analysis tools, including Veracode, Checkmarx, and Fortify, to enhance manual assessments and ensure thorough vulnerability detection.
- Prepare and deliver detailed, actionable reports outlining identified vulnerabilities, their potential business impact, and recommended remediation strategies.
- Collaborate closely with development and operations teams to ensure the resolution, validation, and verification of reported vulnerabilities.
Skills
- Strong hands-on experience in programming languages such as Python, Java, C++, C#, and Swift.
- Proficiency in using Veracode, Checkmarx, and Fortify for source code analysis.
- Proficiency in scripting languages including Python, PowerShell, and Bash.
Desired requirements
- Possession of one or more of the following (or equivalent) certifications: Certified Secure Software Lifecycle Professional (CSSLP), Certified Application Security Engineer (CASE), or Offensive Security Certified Expert (OSCE).
- Excellent verbal and written communication skills, with the ability to articulate technical issues to both technical and non-technical stakeholders.
- Strong skills in documentation and reporting using Microsoft Word, Excel, and PowerPoint.
Benefits
- High level of integrity, professional ethics, and a commitment to confidentiality.
- Must possess a valid security clearance as required by the Ministry of Interior (MOI).
- Must not have any criminal record or adverse legal history.
