IT Application Security Specialist
Doha, Doha Municipality, Qatar · Full Time
- Experience: 8–12 yrs
- Salary: —
- Openings: 1
- Posted: 4 days ago
Job description
Role overview
The IT Application Security Specialist will shape, implement, and oversee application security across the enterprise so that systems are built securely and meet internal as well as regulatory expectations. The position is centered on embedding security into the software development lifecycle, advancing DevSecOps ways of working, and defining secure architecture practices for cloud, on-premises, and hybrid setups.
Key responsibilities
- Build, maintain, and evolve the organization’s application security program.
- Promote and apply secure-by-design practices across all applications.
- Track meaningful security indicators such as vulnerability decline and remediation turnaround times.
- Strengthen the maturity of application security over time through continuous improvement.
- Review and design secure architectures for applications, APIs, and microservices.
- Drive threat modeling efforts using methods such as STRIDE.
- Set and enforce security design patterns covering authentication, encryption, and data protection.
- Contribute to architecture review and governance discussions.
- Embed security controls within CI/CD pipelines.
- Deploy and manage testing tools for static, dynamic, and software composition analysis.
- Define secure coding practices aligned with OWASP Top 10 guidance.
- Automate security checks and enforcement across development pipelines.
- Architect and support secure cloud deployments across AWS and/or Azure.
- Apply IAM controls and Zero Trust principles.
- Protect container-based platforms such as Kubernetes and OpenShift.
- Ensure monitoring, logging, and threat detection are effective in cloud environments.
- Coordinate vulnerability assessments, penetration tests, and application security reviews.
- Follow through on fixing and closing identified vulnerabilities within agreed timelines.
- Verify security controls through testing and simulation activities.
- Work with SOC teams to improve monitoring and incident response capabilities.
- Assist with SIEM use case development and tuning.
- Review security trends to spot emerging threats and risks early.
- Support compliance with security and regulatory frameworks including PCI DSS, SWIFT CSP, and ISO 27001.
- Help with internal and external audits and other regulatory reviews.
- Create and maintain security policies, standards, and procedures.
- Guide development, DevOps, and architecture teams on application security practices.
- Deliver training and awareness sessions on secure coding.
- Serve as a trusted advisor on application security topics.
- Collaborate closely with development, infrastructure, and security teams.
- Contribute both to strategy and to hands-on technical delivery.
- Work effectively in regulated environments where applicable.
Qualifications and experience
A bachelor’s degree in Computer Science, Cybersecurity, Software Engineering, or a related discipline is required. The role calls for 8 to 12 years of experience in cybersecurity, with a strong emphasis on application security, DevSecOps, and cloud security. Experience in banking or financial services is preferred.
Technical and behavioral competencies
Applicants should have a strong command of OWASP Top 10, secure coding, secure SDLC, threat modeling, API and web application security, and application security testing tools such as SAST, DAST, and SCA. Practical knowledge of AWS and/or Azure security, Kubernetes/OpenShift container security, SIEM, vulnerability management, and security monitoring is also important. In addition, the role requires strong analytical thinking, problem-solving ability, clear communication, stakeholder management, influencing skills, attention to detail, and solid risk awareness.
Professional certifications
Candidates must hold at least two of the following certifications: CISSP, CCSP, CISM, or CRISC. Preferred certifications include CEH, Microsoft Azure Security Engineer (AZ-500), AWS Security Specialty, and OSCP.
Additional information
This is a full-time, onsite position based in Doha, Qatar.
The role blends long-term security planning with direct technical execution.
Close partnership with development, infrastructure, and security functions is essential.
Salary details, number of openings, and start date were not specified.