ABOUT THE BUSINESS
DP World is a leading enabler of global trade and an integral part of the supply chain. We operate multiple yet related businesses from marine and inland terminals, maritime services, logistics and ancillary services to technology-driven trade solutions.
We have a portfolio of 77 operating marine and inland terminals supported by over 50 related businesses in 40 countries across six continents with a significant presence in both high-growth and mature markets. We aim to be essential to the bright future of global trade, ensuring everything we do has long-lasting impact on economies and society and creates a better future for everyone.
Our dedicated team of over 37,000 employees from 110 countries cultivate long-standing relationships with governments, shipping lines, importers and exporters, communities, and many other important constituents of the global supply chain, to add value and provide quality services today and tomorrow.
We make sure cargo keeps moving so people have the things they need, when they need them, helping economies grow and nations prosper. It's an important job, and one that requires smart, proud, passionate people working all across the world, people who are not afraid to innovate and find new ways of driving our business forward. We foster a culture of collaboration, innovation and respect. Our global workforce is made up of 45,000 people with over 110 different nationalities who bring their experience and expertise together, allowing us to be a global leader.
By thinking ahead, foreseeing change and innovation we aim to create the most productive, efficient and safe trade solutions globally.
ABOUT THE ROLE
• Planning, implementing, managing, monitoring and upgrading security measures for the protection and risk mitigation of the organisation's data, systems and networks.
• Develop and design an application security framework, review existing application architecture and continuously provide suggestions for improvement.
• Work with business / product teams to implement security within the application design phase, advising on what is best to implement and calling out risks and associated mitigations.
• Work with developers to define security checkpoints in SDLC based on standards and best practices
• Understand DP World business applications vision for application security issues.
• Ensuring that the application data is protected by enabling the appropriate security controls.
• Perform code reviews of existing applications to identify gaps in the application security.
• Provide technical advisory for the weaknesses and vulnerabilities identified in application code.
• Liaise with compliance on the continual internal and external security assessments and audit reviews conducted by regulators and operators.
• Conduct application security risk assessment and liaise with IT security team in implementing security controls.
• Develop secure coding standards that are based on industry best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities.
• Testing and identifying network and systems vulnerabilities.
• Daily administrative tasks, reporting and communication with the relevant departments in the organization.
• Act as an ambassador for DP World at all times when working; promoting and demonstrating positive behaviours in harmony with DP World's Founder's Principles, values and culture; ensuring the highest level of safety is applied in all activities; understanding and following DP World's Code of Conduct and Ethics policies
• Perform other related duties as assigned
QUALIFICATIONS, EXPERIENCE AND SKILLS
In order to give credible support to the organisation and be successful in this role, the ideal candidate will have the following:
• Bachelor's degree in Computer Science or equivalent.
• Minimum 5 to 8 years of experience in Application Security, Cyber Security or similar.
• Experience in application development & application security
• Excellent understanding and knowledge of common industry cyber security frameworks, standards and methodologies, including: OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
• Knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures)
• Knowledge of network/web related protocols
• Knowledge of OAuth2, SAML, OpenID is a plus
• Mobile application security experience
• Solid understanding of OWASP Top 10 vulnerability assessment and mitigation
• Proven experience in identifying and responding to advanced attacker methodologies both within the corporate environment as well as external attack infrastructures, ideally with offensive experience and / or deception environment development (tripwire systems, honeypots, honey-token/accounts, etc.) using open source, vendor purchased and bespoke/in-house developed solutions.
• Knowledge of networks/web related protocols and technologies.
• Ability to orchestrate, manage and successfully implement major procedural and technological change within a complex and global organization.
• Excellent analytical skills
• Excellent verbal and written communication
• Industry-recognized cyber security related certifications including: CEH, EnCE, SANS, CISSP, CISM, CRISC and/or CISA.
• Project Management experience.
REMUNERATION AND EMPLOYMENT BENEFITS
The employment benefits package is reflective of the location for this position.