Application Security Consultant

About the role

The Application Security Consultant will evaluate the security posture of web, mobile and enterprise applications used by government entities. The role focuses on identifying vulnerabilities, providing remediation guidance, and ensuring alignment with Saudi cybersecurity regulations.

Key responsibilities

• Assess security of applications, APIs, integrations and data flows.
• Identify vulnerabilities, misconfigurations and architectural risks.
• Perform security testing using SAST, DAST and basic penetration testing tools.
• Conduct risk assessments, classify findings and track remediation.
• Map findings to NCA Essential Cybersecurity Controls, SAMA Cybersecurity Framework, PDPL and NDMO requirements.
• Promote Secure SDLC (SSDLC) and support DevSecOps integration in Azure DevOps pipelines.
• Prepare assessment reports, remediation recommendations and present findings to technical and non‑technical stakeholders.

Required profile

• Bachelor’s degree in Cybersecurity, Computer Science or a related field.
• 8+ years of experience in application security or cybersecurity consulting.
• Experience in regulated or government environments is preferred.
• Relevant certifications such as CISSP, CEH, OSCP, CSSLP or ISO 27001 Lead Implementer/Auditor are a plus.

Required skills

• Strong knowledge of OWASP Top 10 and application security principles.
• Hands‑on experience with SAST and DAST tools (e.g., Burp Suite, Fortify, Snyk).
• Familiarity with Secure SDLC and DevSecOps practices.
• Experience with Azure cloud services and Azure DevOps pipelines.
• Understanding of Saudi cybersecurity regulations (NCA, SAMA, PDPL).