Application Security Manager - Octopus by RTG

Remote · USA Full-time

Who we are

Octopus is proud to be part of the Robusta Technology Group (RTG), a leading tech group. With a decade of experience and a successful track record of delivering over 300 projects across Europe, the Middle East, and North America, RTG has established itself as a preferred employer in the Egyptian market. Octopus and Robusta are building a bridge between Europe and Africa, creating tailored hub solutions to connect companies with top talent across the globe.

Octopus specializes in rapidly assembling remote onsite global tech teams that are fully aligned with the culture and practices of a particular brand. By providing tailored hubs to suit its clients' needs, Octopus gives companies all the advantages of remote work and offshoring without all the negatives.

You will be working with an Egypt-based grocery delivery startup. Founded in 2017, it rapidly grew from a local bakery service to a full-scale platform offering thousands of daily essentials delivered in under an hour. Backed by over $33M in funding, it operates across major Egyptian cities and is expanding regionally with a strong tech-driven supply chain.

Role Objective

The Application Security Manager will be responsible for developing and maintaining a robust application security program, ensuring the secure design, development, and deployment of applications across Breadfast. This role will drive security best practices, integrate security into DevOps processes, and align security strategies with business and compliance requirements.

Key Roles & Responsibilities

  1. Application Security Strategy & Governance
  • Develop, implement, and maintain the organization's application security program.
  • Establish and enforce secure coding standards and best practices.
  • Define security requirements for applications and ensure compliance with ISO 27001, PCI-DSS, OWASP, and other regulatory standards.
  • Conduct regular risk assessments, threat modeling, and code reviews.
  • Lead the adoption of SecDevOps practices, ensuring security is embedded in CI/CD pipelines.
  2. Security Assessments & Vulnerability Management
  • Oversee static (SAST) and dynamic (DAST) security testing for applications.
  • Manage manual and automated security testing tools such as SonarQube, Checkmarx, Veracode, or Burp Suite.
  • Identify, prioritize, and remediate application vulnerabilities based on risk impact analysis.
  • Drive secure third-party integrations and API security assessments.
  • Ensure regular penetration testing and red teaming exercises are conducted on applications.
  3. Collaboration & Security Awareness
  • Work closely with software development and DevOps teams to build security-first applications.
  • Conduct security training and awareness programs for developers on secure coding practices.
  • Collaborate with business and compliance teams to ensure security policies align with business objectives.
  • Act as a technical advisor on security architecture for new and existing applications.
  4. Incident Response & Threat Management
  • Lead incident response efforts related to application security breaches.
  • Investigate and mitigate security incidents, ensuring a root cause analysis is conducted.
  • Establish secure logging, monitoring, and anomaly detection mechanisms for applications.
  • Define security controls for cloud-based and on-premises applications.
  5. Compliance & Reporting
  • Ensure application security measures align with regulatory and compliance frameworks.
  • Generate security reports for management, outlining key risks, vulnerabilities, and remediations.
  • Stay updated on emerging threats and evolving security technologies.

Requirements

Required Experience, Education, Knowledge, and Skills

  • 7+ years of experience in Application Security.
  • Bachelor's degree and/or master’s degree in cyber security, information security, computer engineering, computer science, or a related field.

Core Knowledge & Skills

    • Web Application Penetration Testing (WAPT)
    • Mobile Application Penetration Testing (MAPT)
    • Secure Software Development Lifecycle (S-SDLC)
    • Threat Modelling
    • Secure Source Code Review (SSCR)
    • SecDevOps

Preferred Certifications

    • EC-Council: E|CDE, C|ASE .NET, C|ASE JAVA, W|AHS
    • INE Security: eWPT, eWPTX, eMAPT
    • The SecOps Group (TSOG): CAP, CAPen, CAPenX, CMPen-Android, CMPen-iOS
    • GIAC: GWAPT, GMOB
    • Offensive Security (OS): OSWA, OSWE
    • Practical DevSecOps (PDSO): CDP, CDE, CTMP, CASP, CSSE
    • Mile2: C)SWAE

Benefits

  • Social and Medical Insurance
  • Annual Bonus

Originally posted on Himalayas
