Saudi Aramco Careers

Senior Application Security Analyst

Saudi Arabia
information technology


Job Description

Requisition ID: 1182399

Req Number: 16294BR

Position Description:
We are seeking a Senior Application Security Analyst to join the Application Security & Vulnerability Management Division of Information Technology.

The Application Security & Vulnerability Management Division is responsible for assessing applications’ security posture by identifying, reporting and tracking vulnerabilities related to the application, its source-code and underlying components. This applies to third-party and in-house developed applications.

The Senior Application Security Analyst's primary role is to perform day-to-day vulnerability assessment, analysis, reporting and tracking. The analyst will also analyze source code vulnerabilities, third-party components and the associated risk of exploitability.

Minimum Requirements:
As the successful candidate you will hold a Bachelor’s degree in Computer Science from a recognized and approved program. An advanced degree is preferred.

You will have seven years of experience in cybersecurity, including at least five years in application security.

You must have an application development background (preferably in SAP ABAP, Java and .NET technologies).

You will be able to demonstrate experience in static code scanning and analysis.

In-depth knowledge of application security and application-specific vulnerabilities is a requirement.

You must also have experience in manual source code review and analysis (in C#, Java, ABAP, JavaScript, Objective-C, Swift and others).

Experience in vulnerability analysis and the ability to identify false positives in static code scanning reports are also necessary.

You are expected to be experienced with the OWASP Top 10 most critical web application security risks.

It is preferred that you have the ability to conduct application penetration testing.

Duties & Responsibilities:
You will be required to perform the following:

Perform source-code scanning using several tools including IBM AppScan Source, Virtual Forge CodeProfiler, OWASP Dependency Check and others.

Generate management and technical vulnerability reports and identify false positives.

Provide support to application developers during vulnerability remediation.

Research the market for scanning tools and best practices.

Maintain existing source code scanning solutions and their infrastructure.

Conduct penetration testing activities to examine the exploitability of vulnerabilities.

About us:
The Engineering & Project Management (E&PM) business line studies, plans and oversees the construction of the Company’s new facilities, including some of the biggest and most complex projects in the petroleum industry. Recently, Saudi Aramco completed the largest capital program in its history that included new or expanded oil, gas and petrochemical facilities, raising maximum sustainable crude oil production capacity to 12 million barrels per day and significantly increasing gas production and processing capacities. Among the recently completed projects was the largest crude oil increment in the history of the industry: Khurais, with a production capacity of 1.2 million barrels per day. More challenges lie ahead, with a slate of new or expanded oil, gas, refining and petrochemical projects in the works. E&PM also manages the Company’s Research & Development Center where scientists investigate topics such as the desulfurization of crude oil, advanced fuel formulations for next generation combustion engines, and reservoir nano-scale robots (Resbots™) for injection into reservoirs to record their properties.