Senior Application Security Consultant

About the role

The Senior Application Security Consultant will evaluate the security of web, mobile and enterprise applications for government entities, ensuring alignment with Saudi cybersecurity regulations. The role involves performing security assessments, guiding secure development practices, and delivering actionable remediation advice.

Key responsibilities

• Assess security of applications, APIs, integrations and data flows.
• Identify vulnerabilities, misconfigurations and architectural risks.
• Perform security testing using SAST, DAST and basic penetration testing tools.
• Conduct risk assessments, classify findings and track remediation.
• Evaluate compliance with NCA Essential Cybersecurity Controls, SAMA Cybersecurity Framework, PDPL and NDMO requirements.
• Promote Secure SDLC (SSDLC) and integrate security into CI/CD pipelines (DevSecOps) within Azure environments.
• Prepare detailed assessment reports, remediation roadmaps and present findings to technical and non‑technical stakeholders.

Required profile

• Bachelor’s degree in Cybersecurity, Computer Science or a related field.
• 8+ years of experience in application security or cybersecurity consulting.
• Strong analytical, problem‑solving and documentation skills.
• Consulting mindset with ability to communicate effectively with diverse audiences.

Required skills

• Deep knowledge of OWASP Top 10 and application security principles.
• Experience with SAST and DAST tools such as Burp Suite, Fortify and Snyk.
• Understanding of Secure SDLC and DevSecOps practices.
• Familiarity with Azure cloud services and Azure DevOps pipelines.
• Knowledge of Saudi regulations: NCA Essential Cybersecurity Controls, SAMA Cybersecurity Framework, PDPL and NDMO.