Application Security Consultant
eSense
From LinkedIn Jordan
This job is posted on LinkedIn Jordan and aggregated here to make searching easier. Applications are submitted directly on the publisher's site.
Job details
Position Overview:
The Application Security Consultant assesses the security of applications and digital environments within government entities and provides recommendations to improve security posture and compliance.
The role includes application security assessments, architecture reviews, vulnerability analysis, and aligning systems with Saudi cybersecurity regulations. The consultant will also support SSDLC and DevSecOps practices, particularly in Azure environments.
Key Responsibilities:
• Security Assessment & Architecture
  • Assess security of web, mobile, and enterprise applications
  • Identify vulnerabilities, misconfigurations, and architectural risks
  • Review application architecture, APIs, integrations, and data flows
  • Evaluate authentication, authorization, and data protection mechanisms
• Security Testing & Risk Management
  • Perform security testing (SAST, DAST, basic penetration testing)
  • Conduct risk assessments and classify vulnerabilities based on severity, likelihood, and impact
  • Validate remediation and track closure of security findings
• Compliance & Governance
  • Evaluate compliance with:
    • NCA Essential Cybersecurity Controls (ECC)
    • SAMA Cybersecurity Framework (CSF) (if applicable)
    • PDPL and NDMO requirements
  • Map findings to regulatory controls and support audit readiness
  • Contribute to governance, risk, and compliance (GRC) activities
• SSDLC & DevSecOps
  • Promote and assess Secure SDLC (SSDLC) practices
  • Support integration of security into CI/CD pipelines (DevSecOps)
  • Review and recommend security configurations in Azure DevOps and cloud environments
• Reporting & Advisory
  • Prepare security assessment and risk reports
  • Provide remediation recommendations and improvement roadmaps
  • Present findings to technical teams and stakeholders
  • Support implementation of security controls
Qualifications:
Education & Experience
• Bachelor’s degree in Cybersecurity, Computer Science