Senior Application Security Engineer

We are seeking a Senior Application Security Engineer to own the security of all applications developed and operated at the organization, including in‑house systems, mobile apps, APIs, and third‑party integrations. The role acts as the security gatekeeper across the software development lifecycle, with authority to block releases carrying critical vulnerabilities, in coordination with the Cybersecurity Department and Product Delivery Squads.

• Operate SAST, DAST, and SCA tools across all in‑house developed applications.
• Perform security code reviews and provide actionable remediation guidance to developers.
• Review security architecture of new features, applications, and integrations during the design phase.
• Coordinate application penetration tests and VAPT engagements; track findings to closure.
• Own API and mobile application security including authentication, authorization, and secret handling.
• Act as the security release gate with authority to block production releases carrying critical vulnerabilities.
• Embed with Product Delivery Squads to provide threat modelling and secure‑by‑design coaching.
• Manage application‑level vulnerability triage, prioritization, remediation tracking, and reporting.
• Produce audit and compliance evidence for regulators, internal audit, and external assessors.

• Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or a related field.
• 5+ years of application security or secure development experience, financial sector experience preferred.
• Strong expertise with SAST, DAST, and SCA tooling and CI/CD pipeline integration.
• Proven experience in manual code reviews, threat modelling, and secure architecture reviews.
• Solid knowledge of OWASP Top 10, ASVS, and MASVS; familiar with API and mobile app security.
• Knowledge of SAMA Cyber Security and IT Governance Frameworks.
• Certifications are highly preferred (OSCP, OSWE, GWAPT, CSSLP, CISSP).