Saudi Aramco Careers

Senior Application Security Analyst

Saudi Arabia
information technology


Job Description

Requisition ID: 1182399

Req Number: 16294BR

Position Description:
We are seeking an Senior Application Security Analyst to join the Application Security & Vulnerability Management Division of Information Technology.

Application Security & Vulnerability Management Division is responsible for assessing application security by identifying, reporting and tracking vulnerabilities related to the application and its underlying components, as well as tracking compliance of IT systems. This applies to third party applications, in-house developed applications, appliance based systems and any combination of the above.

The Senior Application Security Analyst primary role is for day-to-day vulnerability assessment, reporting and tracking. The analyst will also perform penetration tests of relevant applications and systems to ensure that they meet required security measures and identify any weaknesses or security flaws.

Minimum Requirements:
As the successful candidate, you will hold a Bachelor’s degree in Computer Science from a recognized and approved program. An advanced degree is preferred.

You must have seven or more years of experience in cybersecurity, including at least five in application security.

You must have a strong understanding of conducting penetration testing against all components including but not limited to operating system, network devices and application middleware.

You are expected to demonstrate understanding of information systems security; network architecture; general database concepts; document management; hardware and software troubleshooting; electronic mail systems. You need to demonstrate familiarity with common protocols such as: DNS, DHCP, LDAP{S}, SNMP, SMTP, HTTP{S}, and SSL/TLS.

Experience with a range of operating systems such as RHEL (Red Hat Enterprise Linux), Windows 2012, Windows 10 and Windows 8 is preferred. You will also be proficient with a wide range of penetration test tools and vulnerability assessment platforms.

You must have an understanding of compliance assessments against internal and external standards, vulnerability risk rating and recommending counter measures to address the risks. Solid experience in evaluating the cumulative risk of multiple vulnerabilities and their contribution to the overall risk factor.

Two or more certifications are also necessary, such as Certified Ethical Hacker (CEH), EC-Council Certified Security Analyst, Cisco Certified Network Associate (CCNA), appropriate SANS course or similar certification or equivalent academic courses (higher education).

The preferred candidate will also have excellent verbal and written communication skills, being able to clearly evidence and present findings to both a technical and a managerial audience.

Duties & Responsibilities:
You will be required to perform the following:

Compliance audits against internal and external standards for multiple applications.

Application penetration tests using various web proxy toolkits. Predominantly Portswigger’s Burp, but also including OWASP ZAP, Fiddler and SoapUI.

Penetration testing using a full suite of penetration test tools and frameworks; including Metasploit, nmap, openssl and all tools typically found in Kali 2017.3.

Vulnerability Analysis using Rapid7’s Nexpose and Metasploit Pro frameworks.

Perform wireless penetration testing using tools such as Kismet, FernPro and Wifi Pineapple.

Support internal projects with IT Security consultation activities.

Deliver technical reports clearly documenting findings.

About us:
The Engineering & Project Management (E&PM) business line studies, plans and oversees the construction of the Company’s new facilities, including some of the biggest and most complex projects in the petroleum industry. Recently, Saudi Aramco completed the largest capital program in its history that included new or expanded oil, gas and petrochemical facilities, raising maximum sustainable crude oil production capacity to 12 million barrels per day and significantly increasing gas production and processing capacities. Among the recently completed projects was the largest crude oil increment in the history of the industry: Khurais, with a production capacity of 1.2 million barrels per day. More challenges lie ahead, with a slate of new or expanded oil, gas, refining and petrochemical projects in the works. E&PM also manages the Company’s Research & Development Center where scientists investigate topics such as the desulfurization of crude oil, advanced fuel formulations for next generation combustion engines, and reservoir nano-scale robots (Resbots™) for injection into reservoirs to record their properties.