Key Responsibilities & AccountabilitiesDrive the implementation and continuous improvement of the Secure Software Development Life Cycle (SSDLC), ensuring security requirements are integrated throughout the application lifecycle.Perform secure code reviews, application security assessments, API security reviews, threat modeling, and application architecture reviews to identify and mitigate security risks.Validate application security findings from SAST, DAST, penetration testing, and other security assessments, distinguishing true vulnerabilities from false positives and supporting risk-based remediation.Implement and optimize DevSecOps security controls within CI/CD pipelines, including:Static Application Security Testing (SAST)Software Composition Analysis (SCA)Secret ScanningInfrastructure as Code (IaC) ScanningContainer Security ScanningSBOM generation and validationEnhance automation of application security testing and integrate security controls into the software delivery pipeline.Assess software dependencies, open-source components, and third-party libraries to identify vulnerable or unsupported components and strengthen software supply chain security.Manage and coordinate penetration testing engagements with vendors and application owners, review assessment reports, validate findings, and track remediation activities through to closure.Support application owners and development vendors in implementing security best practices and remediating identified vulnerabilities.Assess and monitor the secure development practices of software vendors to ensure compliance with organizational security standards and contractual security requirements.Job SpecificationsEducation / Certifications:Bachelor's Degree in Computer/Communication Engineering, Computer Science, or a related discipline.Information Security-related certificates are a plus.Diploma in Cyber Security is a plus.Job Qualifications:Minimum 3-6 years of experience in Application Security, DevSecOps, or Secure SDLC.Proven experience in application security, including secure code reviews, vulnerability validation, penetration testing management, and application security remediation.Strong practical knowledge of Secure Software Development Life Cycle (SSDLC), Secure by Design principles, OWASP Top 10, Secure Coding Standards, Threat Modeling, API Security, and Web Application Security.Hands-on experience with application security technologies, including SAST, DAST, SCA, Secret Scanning, SBOM generation, and software dependency management.Experience working with DevOps and CI/CD platforms such as GitHub, GitLab, Azure DevOps, or Jenkins.Working knowledge of container technologies, including Docker, Kubernetes, Containers, and Infrastructure as Code (IaC).Strong understanding of Secure Design Principles, Authentication & Authorization, OAuth, OpenID Connect, JWT, Secrets Management, PKI, and cryptography basics.(Preferred) Experience with Checkmarx, Fortify, Veracode, SonarQube, Snyk, Mend (WhiteSource), GitHub Advanced Security, Trivy, Semgrep, or similar tools.(Preferred) Experience with AI-assisted secure code review and application security tooling.Soft Skills & Behavioral Competencies:Strong hands-on software development background with solid programming skills.Ability to work collaboratively with cross-functional teams.Analytical mindset with a focus on security best practices.Proactive problem-solving skills and attention to detail.Continuous learning attitude to stay updated with evolving security tools and practices.
AXA Egypt is one of the country's top insurance operators providing life health and non-life coverage to individuals and corporate clients through a multi-channel distribution model.
What you should know
Global Insurance Giant: Part of AXA Group one of the world's largest insurers with over $1 trillion in assets under management
Top Market Leader: Among the top 3 insurance players by premium volume in Egypt
Egypt's Top Corporates: Corporate health book covers employees at several of Egypt's largest companies
How they work
Risk decisions are data decisions — Pricing underwriting and reserving are grounded in actuarial discipline — intuition without data doesn't close here
Claims handling defines the brand — Selling a policy is table stakes; how the company behaves when a client actually makes a claim is what earns or loses trust