99 Application Security jobs in Saudi Arabia

Role Purpose

We are seeking a skilled
DevSecOps Engineer
to design, implement, and manage secure software delivery practices. The role focuses on integrating security into CI/CD pipelines, automating testing, and ensuring compliance with industry standards while collaborating across IT, operations, and audit teams.

Key Responsibilities

• Onboard and integrate projects into the DevSecOps tool chain.
• Design and implement secure software delivery practices.
• Automate security testing in CI/CD pipelines to improve efficiency and reliability.
• Develop and maintain security tools and automation scripts.
• Create and tune DevSecOps security policies.
• Collaborate with operations, compliance, and audit teams to meet security requirements.
• Conduct vulnerability assessments using SAST, DAST, and IAST tools.
• Generate CIS benchmark compliance reports and follow up on resolution.
• Support encryption strategies (KMS, SSL/TLS, digital certificates, crypto policies).
• Monitor and analyze security events through SIEM (QRadar).
• Provide support for endpoint protection (EDR) and operational control.

Requirements

• Bachelor's degree in Computer Science, IT, or related field.
• 4–6 years of experience in DevSecOps, Qradar, Application Security, or related roles.
• Hands-on expertise with SAST, DAST, IAST Seeker, SCA, and RASP tools.
• Experience with Sonatype Nexus-IQ and Synopsys Coverity.
• Strong scripting skills (Python, Bash, PowerShell).
• Familiarity with Agile/DevOps methodologies.
• Knowledge of compliance standards (CIS, NIST, ISO).
• Strong problem-solving, collaboration, and communication skills.

Job Description
The role is responsible for leading the design, development, implementation, and management of application and software security strategies across the organization. This role oversees application security architecture, supports secure development practices, conducts security assessments, and collaborates with cross-functional teams to ensure applications are designed and deployed securely.

Responsibilities

• Perform secure programming by identifying potential code flaws and mitigating vulnerabilities, ensuring cybersecurity is integrated throughout development, maintenance, and decommissioning.
• Conduct risk analysis and evaluate software and system changes to recommend modifications that enhance security and meet user needs within time and budget constraints.
• Apply cybersecurity functions such as encryption, access control, identity management, and public key infrastructure to reduce exploitation risks.
• Develop, test, and document secure code following security standards, including proper error handling and secure coding practices.
• Prepare detailed workflow diagrams and documentation that describe the logical operation and security controls of software systems.
• Translate security requirements into application design, including threat modeling, attack surface documentation, and defining specific security criteria.
• Collaborate with engineering teams and customers to design, develop, and maintain secure cybersecurity software systems.
• Perform integrated quality assurance testing and trial runs to verify functionality, security levels, and resilience of software applications.
• Modify and maintain existing software by correcting errors, adapting to new hardware, upgrading interfaces, and documenting software patches to prevent vulnerabilities.
• Devise creative exploits, solutions, and techniques to discover software vulnerabilities and improve overall security posture.
• Perform any other duties assigned to by line manager related to the nature of the work
• Enforce, incorporate, and comply with all necessary controls and related information security policies, procedures, practices, training, reporting, personal due diligence and vigilance, within departmental/unit activities and operations.

Qualifications
Preferred Qualifications

• A tertiary level qualification from a recognized institution
• Industry-recognized certifications

Years & Nature of Experience

• Proficient in conducting comprehensive vulnerability scans and accurately identifying security weaknesses within systems.
• Experienced in designing and implementing effective countermeasures to mitigate identified security risks.
• Skilled in writing clean, efficient code using currently supported programming languages.
• Adept at designing thorough cybersecurity test plans to ensure system resilience.
• Experienced in integrating public key infrastructure (PKI), encryption, and digital signature capabilities into applications.
• Proficient in utilizing advanced code analysis tools to detect and resolve security issues.
• Skilled in performing root cause analysis to diagnose and address cybersecurity incidents.
• Knowledgeable in applying cybersecurity and privacy principles to meet organizational policies and compliance requirements.
• Experienced in software debugging to identify and correct errors effectively.
• Capable of developing and applying mathematical and statistical models for security analysis and problem solving.

Technical Competencies

• Information security frameworks
• Programming and Testing
• Threat Modelling and Risk Assessment

Behavioral Competencies

• Communication
• Problem Solving
• Attention to detail
• Analytical Thinking
• Complex Reasoning

About Us
D360 Bank is a shariah-compliant digital bank that aims to provide the best financial experience in the Kingdom. Our Vision: To reinvent finance through innovation & technology making it convenient, accessible & fair to all.

About The Team
Embarking on a journey with the D360 Bank Risk Management team grants you a remarkable opportunity to steer our triumphs and fortify our future. As a valued member, you will assume a pivotal role in owning and orchestrating our enterprise-wide risk policy framework and strategies. Your expertise will encompass identifying, evaluating, and mitigating risks entwined with D360's diverse activities. Joining our esteemed risk management team means actively shaping the forefront of pioneering risk management techniques and state-of-the-art technologies. We firmly believe in embracing innovation to elevate our risk management prowess and fuel enduring progress.

Key Responsibilities:

• Provide expert-level 9x5 support for F5 Access Policy Manager, F5 Web Application Firewall, and Infoblox DNS Security environments.
• Serve as the L3 escalation point for critical incidents escalated from L1/L2 teams, ensuring timely and effective resolution.
• Perform root cause analysis on incidents, document findings, and recommend preventive measures.
• Configure, monitor, and maintain F5 security devices to optimize performance and security.
• Implement and manage policies, rules, and configurations for Access Policy Manager and Web Application Firewall.
• Apply patches, updates, and upgrades in accordance with best practices and organizational policies.
• Configure, monitor, and manage Infoblox DNS Security solutions to safeguard the DNS infrastructure.
• Implement and enforce DNS security policies, ensuring compliance with industry standards.
• Troubleshoot DNS security incidents and collaborate with network teams to ensure robust and secure DNS operations.
• Ensure adherence to security policies, industry standards, and compliance requirements across all managed platforms.
• Collaborate with security teams to conduct vulnerability assessments and security audits.
• Develop and enforce security best practices to mitigate risks and enhance the overall security posture.
• Work closely with network, application, and infrastructure teams to troubleshoot and resolve cross-functional issues.
• Create and maintain detailed documentation on configurations, processes, and incident resolutions for F5 and Infoblox solutions.
• Provide training and knowledge transfer sessions to support teams to elevate overall operational competency.

Required Qualifications:

• Bachelor s degree in Computer Science, Information Technology, or a related field.
• Minimum of 5 years experience in network and application security, with a strong focus on F5 technologies and DNS security.
• Proven expertise in managing and troubleshooting F5 Access Policy Manager and F5 Web Application Firewall solutions.
• Experience with Infoblox DNS Security solutions and best practices.
• Solid understanding of networking protocols (TCP/IP, HTTP/HTTPS, DNS, etc.) and security protocols (SSL, TLS).
• Experience in incident response, system monitoring, and performance tuning within high-availability environments.

Desired Skills & Certifications:

• Strong analytical, troubleshooting, and problem-solving skills.
• Excellent communication and interpersonal abilities to effectively collaborate with technical and non-technical stakeholders.
• Ability to work in a fast-paced, dynamic environment while managing multiple priorities.
• Relevant F5 certifications (e.g., F5 Certified Administrator, F5 Certified Technology Specialist) are highly desirable.
• Familiarity with Infoblox certifications or training, change management, ITIL processes, and documentation best practices.

Qiddiya Investment Company is looking for a highly-skilled and motivated Assistant Manager - Application Security to join our dynamic team. In this role, you will play a critical part in fortifying the security framework for our application development processes. You will work collaboratively with cross-functional teams to embed security best practices across all stages of the software development lifecycle (SDLC).

Your responsibilities will include conducting comprehensive security assessments, performing vulnerability analysis, and offering guidance on secure coding practices. You will influence the culture of security within our organization, ensuring that applications are developed with a strong security mindset.

• Assist in strategizing and executing the application security roadmap aligned with organizational objectives.
• Conduct regular security assessments and penetration testing on applications and services.
• Provide actionable guidance for developers on remediating identified vulnerabilities.
• Participate in threat modeling and risk assessment activities.
• Facilitate training sessions and workshops to promote awareness of secure coding practices.
• Stay up-to-date with the latest security trends, vulnerabilities, and industry standards.
• Collaborate with DevOps teams to integrate security tools and practices into CI/CD pipelines.
• Document and report on security metrics and the status of remediation efforts.

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology or related discipline.
• Minimum 4 years of professional experience in application security or software development roles.
• Expertise in application security frameworks and standards (e.g., OWASP Top Ten, NIST guidelines).
• Experience with security testing tools (SAST, DAST, IAST) and vulnerability management.
• Strong understanding of programming languages, secure coding practices, and software development methodologies.
• Excellent communication skills, capable of conveying complex security concepts to non-technical stakeholders.
• Relevant certifications (e.g., CISSP, CSSLP, CEH) are a plus.

Comprehensive benefits package

Qiddiya Investment Company is seeking a motivated and detail-oriented Assistant Manager - Application Security to strengthen our cybersecurity team. In this pivotal role, you will support the implementation of security measures throughout the software development lifecycle (SDLC), ensuring that our applications are resilient against potential threats and vulnerabilities.

Working closely with various stakeholders, you will conduct security assessments, provide strategic guidance to our development teams, and foster a culture of security awareness in application development practices.

• Assist in developing and implementing application security policies, standards, and best practices.
• Perform security assessments, code reviews, and penetration testing on applications to identify vulnerabilities.
• Collaborate with software development teams to integrate security throughout the SDLC.
• Conduct training and awareness sessions focused on secure coding practices for development teams.
• Stay informed of the latest security trends and technologies to provide effective recommendations.
• Support incident response activities related to application security breaches and vulnerabilities.
• Document security assessments findings and work with developers to prioritize and remediate vulnerabilities.
• Prepare reports on application security metrics and insights for management.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 4-6 years of experience in application security, software development, or related fields.
• Strong understanding of application security principles, tools, and frameworks (e.g., OWASP).
• Proficient in security testing methodologies and tools.
• Excellent analytical and problem-solving skills.
• Strong communication skills, with the ability to work collaboratively across teams.
• Relevant certifications (e.g., Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP)) are preferred.

Comprehensive benefits package

Looking for Applications Security Consultancy based in Riyadh, KSA for one of our direct client.

Skills:

• +8 Years of experience on the same field of application security.
• In-depth knowledge of application security, integrations, and related tools such as WAF.
• Must have experience with F5, Cloudflare & Application security (architecture, integrations).
• have at least three of the following certifications:

a- CISSP

b- OSCP

c- OSWE or eWAPTx

d- GMOB

e- GWAPT

f- GWEB

Key Accountabilities:

• Participate in the development of cybersecurity policies, processes, and standard operating procedures to ensure work is carried out in a controlled and consistent manner.
• Lead the development and continuous enhancement of secure application development methodologies, tools, and guidelines aligned with industry best practices (e.g., OWASP, NIST).
• Supervise application security tools and techniques, including Static and Dynamic Application Security Testing (SAST/DAST), to proactively identify and mitigate vulnerabilities.
• Coordinate and guide secure coding practices across development teams, ensuring integration of security at all stages of the software development lifecycle (SDLC).
• Support code review and threat modeling activities to identify design flaws and security gaps in applications.
• Assist in coaching and mentoring junior staff, promoting their professional development and ensuring effective execution of security tasks.
• Oversee the design and implementation of secure application architectures, coordinating with IT and development teams to embed security in solutions from inception
• Establish and maintain continuous monitoring and evaluation processes to ensure the effectiveness of application security controls.
• Lead responses to application-layer incidents, coordinate post-event analysis, and implement preventive measures to avoid future breaches.

Education:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or any related discipline is required
• Advanced English language proficiency is required.

Experience Requirements:

• Minimum of eleven years work experience with at least five of which in a relevant function and four years in supervisory roles.

Benefit:

• Medical Insurance
• Tickets
• Yearly bonus

The role is responsible for embedding security into the software development lifecycle (SDLC) and ensuring the security of cloud-native, and microservices-based applications, and managing and optimizing the Data Security Assessment Tool (D-SAT). The role involves proactively identifying, assessing, and mitigating security risks in applications while implementing industry-leading security practices to safeguard digital assets.

• Implement Secure-by-Design and Zero Trust Architecture (ZTA) principles in agile & DevSecOps environments.
• Conduct automated and manual threat modelling for API security, cloud-native applications, and AI models.
• Lead the identification and classification of vulnerabilities, assess their risk levels, and collaborate with relevant stakeholders to prioritize remediation efforts.
• Oversee the remediation process, ensuring timely resolution of high-priority vulnerabilities and minimizing security risks to the organization.
• Perform static (SAST), dynamic (DAST), interactive (IAST), and software composition analysis (SCA) to identify security flaws.
• Assess and mitigate risks in AI/ML-based applications, including adversarial attacks and data poisoning threats.
• Implement cloud security controls across Google cloud and Oracle Cloud, ensuring compliance with relevant standards.
• Integrate security testing tools into CI/CD pipelines
• Red Team Collaboration: Work closely with red and blue teams to conduct penetration testing and incident response.
• Develop and present regular reports on vulnerability management metrics, progress on remediation, and the overall security posture of the organization.
• Regulatory Compliance: Ensure compliance with ISO 27001,PCI DSS, and Saudi Arabian Cybersecurity Standards.
• Perform any other duties assigned to by line manager related to the nature of the work
• Enforce, incorporate, and comply with all necessary controls and related information security policies, procedures, practices, training, reporting, personal due diligence and vigilance, within departmental/unit activities and operations.

Preferred Qualifications

• A tertiary level qualification from a recognized institution Computer Science, Information Security, or a related field.

Years & Nature of Experience

• Recommended 3 to 5 years of equivalent experience in information security or vulnerability management where required competencies and experience has been demonstrated
• Proven experience managing security tools like D-SAT, vulnerability scanners, or similar platforms.
• Strong understanding of risk management frameworks and vulnerability assessment methodologies.

Company Description
Innovative Solutions (IS) is a leading pure-player Cybersecurity company established in 2003, headquartered in Riyadh, with operations in Al Khobar, Jeddah, Dubai, and Abu Dhabi. Our mission is to bring trust to cyberspace and ensure that your business is secured through comprehensive cybersecurity solutions and services, which include advisory services, technical assurance, solution deployment, professional services, and managed security services.

Role Description
Comprehensive Vulnerability Assessment:

• Conduct a comprehensive assessment of the IT Infrastructure and applications to identify existing security vulnerabilities
• Prioritize and categorize the identified vulnerabilities based on their risk level, likelihood of exploitation, and potential impact on business operations
• Deliver a detailed technical report outlining
• Assessment findings, risk prioritization, and recommended remediation strategies

Development and Implementation of Security Strategies:

• Develop tailored and comprehensive strategies to address identified vulnerabilities
• Align security measures with organizational objectives and compliance requirements

Continuous Support and Reporting:

• Provide continuous support services to ensure the maintenance and effectiveness of implemented security measures
• Conduct regular reviews and assessments to identify areas for improvement and ensure compliance with evolving standards
• Generate and provide periodic reports outlining the current status of identified vulnerabilities
• Track and document the progress of mitigation efforts and remediation activities
• Provide insights and actionable recommendations to support informed decision-making and continuous improvement

Requirements

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
• Minimum of 3 years of experience in vulnerability management, patch management, or related IT security roles
• Strong understanding of vulnerability assessment tools and methodologies
• Experience with patch management solutions and best practices
• Knowledge of security frameworks and standards, such as NIST, ISO 27001, or CIS Controls
• Proficiency in working with security tools, including vulnerability scanners, endpoints, and patch management software
• Strong analytical and problem-solving skills, with attention to detail
• Ability to work collaboratively within a team and communicate effectively with stakeholders
• Certifications such as Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH) are a plus