MAIN OBJECTIVE OF ROLETo architect, design and communicate comprehensive security strategies, design of security solutions, to enable and guide the design and development of solutions that meet current and future business needs in alignment with corporate IT standards and security architecture guiding principles.KEY RESPONSIBILITIES

• Develops optimal, purpose-built IT Security solutions that align with customer requirements ensuring architecture is secure, robust, appropriate, high-quality and conform to corporate IT standards and roadmaps.
• Takes accountability for the end-to-end security architecture, including making decisions on architecture and technology.
• Develops security architecture standards, guardrails and best practices in the information, application, and technology domains and ensure awareness across IT teams.
• Conducts security architecture design reviews for applications, data and infrastructure (both cloud/on-premises) to identify gaps or discrepancies to ensure adherence to security architectural patterns and guidelines.
• Collaborates with developers and solution architects to design and implement secure application architectures, ensuring secure coding practices and implementing controls such as, including Identity and Access Management, authentication protocols, encryption, role-based access and Application Programming Interface (API) security mechanisms.
• Monitors emerging threats and trends continuously, proactively adapting security solutions to mitigate risks, and evaluate and select security technologies and tools, ensuring seamless integration and interoperability.
• Conducts deep dive security architecture reviews of vendor products as part of selection and other critical production applications, providing architecture recommendations for the short and long-term improvement of security controls.
• Conducts code analysis of large applications, manually and using Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) scanning solutions, and conducts manual vulnerability analysis
• Assists the Information Security (InfoSec) and Enterprise Security team in conducting regular security risk assessments to identify and evaluate potential security risks across the enterprise, contributing to data loss prevention strategies including analysis of application behavior and preventing accidental or malicious data leakage.
• Develops logical infrastructure solutions in alignment with the security standards and works closely with infrastructure teams to ensure that the physical infrastructure designed meets security requirements.
• Owns, manages and maintains the security architecture roadmap and runways, overseeing the identification, prioritization, and development of technical enablers, technical debts, quality improvements, and application modernization activities of security.
• Drives security architecture decisions and be accountable for their implications regarding solution costs, delivery schedules, application complexity, technical debt and overall solution performance.
• Engages in end-to-end project lifecycle to manage security architecture, evaluate new systems, review proposed infrastructure changes, guide application security/coding best practices to develop and maintain security architecture guardrails, policies, and procedures.

QualificationsQUALIFICATIONS REQUIREDMinimum Education Levelxc2xb7 Bachelor's Degree (3+ years)Education Specific Requirement (if applicable)xc2xb7 Degree in Information Technology, Computer Science, or related fieldCertifications (if applicable)xc2xb7 Preferred Certifications: CISSP, CCNP Security, CISA, CEHLanguagesxc2xb7 Fluent in EnglishEXPERIENCE REQUIREDYears with Qualificationsxc2xb7 10Professional Experiencexc2xb7 Proven experience as a Security Solution Architect or similar experience as an Application/Product Security Engineer.xc2xb7 Architect Background in integrating security testing into the Software Development Life Cycle (SDLC).xc2xb7 Experience providing security knowhow to developers and working with them to build secure solutions.xc2xb7 Experience in security architecture and design of large scale and mission critical business applications.xc2xb7 Strong familiarity with common vulnerabilities and attack vectors.xc2xb7 The ability to communicate complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management.xc2xb7 Airline experience and working in multi culture environment is preferred.Systems Knowledge (if applicable)xc2xb7 Strong understanding of security technologies and solutions, including firewalls, intrusion detection/prevention systems, anti-malware, anti-ransomware, DDOS/WAF/Bot Management, DLP and data encryption solutions.xc2xb7 Proficiency in security tools in software development (SAST, DAST, SCA, Container security, API Security testing) and infrastructure security tools (Nessus, Qualys, Azure, AWS), SIEM tools (Splunk, LogRhythm), SOAR and WAFxe2x80x99s.xc2xb7 Proficiency in auditing .Net, Java, Python or JavaScript languages/technologies Knowledge of web service technologies, load balancer services (i.e., Nginx, Cloudflare, F5, etc.) and RESTful APIs Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS etc.).xc2xb7 Solid understanding of secure network and system design in both cloud (AWS, Azure, etc.) and conventional environments.xc2xb7 Knowledge on Industry best practices and security standards like OWASP Top 10, SANS Top 25, GDPR, PCI DSS, NISTCORE COMPETENCIESxc2xb7 Customer Focusxc2xb7 Teamworkxc2xb7 Effective Communicationxc2xb7 Personal Accountability & Commitment to achievexc2xb7 Resilience and Flexibility (Can do attitude)LEADERSHIP COMPETENCIESxc2xb7 Decision Makingxc2xb7 Strategic Thinkingxc2xb7 Business AcumenISR REQUIREMENTSReads and complies with the ISR policies of the Company and diligently reports any weakness or incidents to the respective Line Manager or the Information Security team. Completes all required ISR awareness sessions and follows associated guidelines in the day-to-day business operations.

flydubai