About KATIM
KATIM is a leader in developing innovative secure communication products and solutions for governments and businesses. As an integral part of the Electronic Warfare & Cyber Technologies cluster at EDGE, one of the world’s most distinguished advanced technology groups, KATIM stands as a beacon of trust in an ever-evolving landscape where cyber risks are a constant menace.
Our aim is to satisfy the growing demand for advanced cyber capabilities by delivering resilient, secure, end-to-end solutions across four fundamental business units: Networks, Ultra Secure Mobile Devices, Applications, and Satellite Communications.
With a global presence spanning from our headquarters in Abu Dhabi to offices in the UAE and Finland, KATIM empowers organisations worldwide with the unwavering assurance that their mission-critical information and communications remain private and secure, no matter the circumstance.
Welcome to KATIM, where innovation and security converge to redefine the way you protect your most valuable assets in the digital world.
We are looking for three full-time Security Engineers with a Security Engineering background who will be responsible for planning and delivering in-depth security assessments across a variety of products and services.
Key Responsibilities
• Size, scope and execute security assessments across a broad range of software modules, mobile applications, cloud services and infrastructure
• Define security requirements and metrics for various components of our solutions
• Analyse applications to understand how they work, where they have weaknesses and demonstrate how identified vulnerabilities can be exploited by developing Proof-of-Concepts
• Identify and document misuse cases, build detailed threat models and refine the security controls needed
• Build detailed security test plans and define security test cases
• Perform in-depth security assessments using results from static and dynamic analysis
• Perform in-depth security assessments leveraging results from other assessments such as static, dynamic, pen testing, red team operations, bug bounty, responsible disclosure, etc.
• Create testing tools to help engineering teams identify security-related weaknesses
• Perform peer-reviews of security requirements, assessments, test plans and other artifacts
• Propose mitigations for the security vulnerabilities identified in the Digital14 products
• Collaborate with engineering teams to help them triage and fix security issues
• Raise our developers' awareness of security best practices
• Work closely with our Engineering teams to gain in-depth knowledge of our systems
• Keep yourself abreast of new TTPs (Tactics, Techniques & Procedures) of the attackers, mimic them in your security assessments and/or quickly react to new threat scenarios to provide continuous security assurance
• Mentor junior members of the team in software security as a role model
Experience and Education Qualification
• Bachelor’s or Master’s degree in Computer Science or related field (e.g. Electrical Engineering)
• 8+ years industry experience with 5+ years in IT security in one or more of the following areas: software/product security assessments, penetration testing, red teaming, web application assessments
• Software development experience in any of these languages: C/C++, C#, Java, JavaScript, PHP, Objective-C
• Foundation in computer architecture, network, web technologies, Operating Systems or embedded systems
• Understanding of various software security vulnerabilities, threats and attack vectors on different environments, reverse engineering and mitigation techniques
• Experience in binary analysis, debugging and exploit development and the relevant mitigation techniques for various classes of vulnerabilities
• Understanding of cryptography, protocol analysis, threat modeling, vulnerability research and fuzzing
• Understanding of iOS or Android internals at the application as well as the OS/kernel level
• Aptitude for self-study, setting and achieving long term goals (for example, learning an unfamiliar programming language)
• Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
• Proficiency with one or more programming languages, preferably Java, Python or C/C++
• Ability to perform manual source code reviews in one of the aforementioned languages, or assisted review with code analysis tools such as CodeQL
• Experience navigating and working with extremely large codebases is also highly desirable
• Experience using common security assessment tools and techniques in one or more of the following categories:
• Experience with SAST, DAST, SCA, IAST tools
• Proficiency in performing mobile, desktop & web application assessment (iOS, Android, Desktop and Web)
• Understanding of and experience with various cybersecurity technologies for microservices and DevSecOps practices
• Experience with modern development practices and tools like git, Kubernetes, Elasticsearch etc.
• Experience with threat modelling frameworks such as STRIDE, PASTA and VAST
• Experience working with Security Maturity Model frameworks (e.g. BSIMM, SAMM, BSA)
• Reverse engineering and debugging of codebases with the objective of finding security gaps/vulnerabilities
• Proficiency in fuzzing techniques to inject invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities
• Proficiency in advanced mobile, API, infrastructure and web application penetration testing to find vulnerabilities such as insecure Java/PHP/PHAR deserialization, XXE, HTTP desynchronization, cryptography weaknesses (exploiting ECB shuffling, CBC bit flipping, etc.), mass assignments, template injections, HTTP/2 and HTTP/3 protocol issues, etc.
• Knowledge of common vulnerabilities in different types of software and programming languages, including: a) how to test for them, b) how to exploit them, c) what mitigations can be used and d) how to classify them
Key Skills
• Excellent organizational, presentation, verbal, and written communication skills