FULL_TIME
2-5

Expert Application & Product Security

4/21/2026

The Expert Application & Product Security is responsible for driving secure design, development, and deployment of digital products by embedding security across the SDLC. This role safeguards software applications against cyber threats by implementing security controls and conducting rigorous testing.

Working Hours

40 hours/week

Company Size

1,001-5,000 employees

Language

English

Visa Sponsorship

No

About The Company
Pakistan’s number one digital operator and the largest internet and broadband service provider with over 70 million subscribers nationwide. With a legacy of more than 27 years, Jazz maintains market leadership through cutting-edge, integrated technology, the strongest brands and the largest portfolio of value added services in the industry. Housing a nation-wide network of contact centers and an unparalleled fibre optic backbone of more than 25,000 kilometers, Jazz has already invested billions of dollars in the country to date. It also provides uninterrupted countrywide connectivity, unmatched customer services and international roaming in over 150 countries. As a responsible entity, the company passionately supports education, health and environmental initiatives and promotes sustainable business practices. Jazz offers exclusive & personalized tariff plans that empower customers and cater to the communication needs of a diverse group of people, from individuals to businessmen to corporate and multinationals. Through its innovative services and products, Jazz is set to bring about a digital revolution that will enable and transform societies towards a more progressive Pakistan.
About the Role

Grade: L2

Location: Islamabad

Last date to apply: 26 April 2026

What is Expert Application & Product Security?

The Expert Application & Product Security is responsible for driving the secure design, development, and deployment of digital products. This role is responsible for embedding security across the software development lifecycle (SDLC), securing APIs and microservices, and ensuring products are resilient against evolving cyber threats.

The main responsibility of this role is to safeguard software applications against potential threats and vulnerabilities by analyzing and effectively testing the implementation of different application security controls, in order to protect the organization's digital footprint from cyber threats.

The role reports directly to the Stream Head Cyber Security with an extended team of 11 team members.

 

What does the Expert Application & Product Security do?

1. Define and lead the Application Security (AppSec) strategy across all products
2. Establish secure SDLC (SSDLC) frameworks and governance
3. Develop policies, standards, and secure coding guidelines
4. Align AppSec with enterprise risk management and business objectives
5. Conduct threat modelling (STRIDE, attack trees) for applications and platforms
6. Review and approve secure architectures for:
   a. Web and mobile applications
   b. APIs and microservices
   c. Cloud-native platforms
7. Enforce best practices based on OWASP standards (Top 10, ASVS, API Top 10)
8. Integrate security into CI/CD pipelines:
   a. SAST, DAST, SCA, IAST
9. Automate security testing and policy enforcement
10. Work closely with DevOps teams to implement “shift-left” security
11. Define security gates and release criteria
12. Secure externally exposed products and services
13. Implement API security controls:
   a. Authentication (OAuth2, JWT)
   b. Rate limiting, bot protection
14. Protect against:
   a. Injection attacks
   b. Broken authentication
   c. Business logic abuse
15. Secure Android/iOS applications:
   a. Reverse engineering protection
   b. Runtime protection (RASP)
   c. Secure storage & communication
16. Conduct mobile app security testing
17. Implement API gateways and secure API lifecycle management
18. Conduct secure coding training for developers
19. Provide remediation guidance and best practices
20. Build a security-first culture within software engineering teams

 

JazzWorld is an equal opportunity employer. We celebrate, support, and thrive on diversity and are committed to creating an inclusive environment for all employees.

What are we looking for, and what does it take to be an Expert Application & Product Security?

  • BS/MS in Cybersecurity/Information Security/Information Technology
  • Practical experience of application security in the Banking / Telco sector
  • At least 04 years of experience in security design and penetration testing of mobile applications & APIs
  • Functional
      • Ability to organize, plan and document tasks
      • Ability to manage internal & external stakeholders
      • Good logical and analytical skills to help in the analysis of cyber security risks
  • Technical
      • Strong expertise in:
          • Web application security (OWASP Top 10)
          • API security and microservices
          • Authentication & authorization models
      • Experience with manual penetration testing
      • Hands-on with:
          • SAST: Checkmarx, Fortify, SonarQube
          • DAST: Burp Suite, OWASP ZAP
          • SCA: Snyk, Black Duck
      • Understanding of:
          • Java, .NET, Node.js, Python (at least one deeply)
          • CI/CD pipelines (Jenkins, GitLab, GitHub Actions)
      • Familiarity with Infrastructure as Code (Terraform, etc.)
      • Lead and mentor Application Security Testers
      • Define KPIs and performance metrics
      • Stakeholder management across Dev, QA, Product, and Risk teams


Why join JazzWorld?

As a certified Top Employer, JazzWorld reflects workplace standards benchmarked against leading global organizations, demonstrating our commitment to creating an environment where people can thrive and perform at their best. Our teams are driven by the belief that every JazzWorld employee should be inspired to live better every day, enabled by forward-looking leadership, an open culture, meaningful work, and continuous opportunities to learn and grow.

Our core values (Customer Obsession, Truthful, Innovation, Collaboration, and Entrepreneurial) shape how we think, decide, and lead. They encourage us to challenge convention, act with accountability, work as one team, and create solutions that truly matter for our customers and communities.

As Pakistan's largest digital operator, JazzWorld serves over 100 million through connectivity, digital services, financial inclusion, entertainment, and insurance. Joining us means being part of transformation at a national scale; expanding access, unlocking opportunity, and building a more connected digital future.

At JazzWorld, everything we do is rooted in one shared ambition. This purpose defines how we work, the progress we enable, and the difference we strive to make every day: a Better Life For All.

Key Skills
Application Security, Penetration Testing, Secure SDLC, OWASP Top 10, API Security, Microservices, SAST, DAST, SCA, Threat Modelling, Cloud-native Platforms, DevOps, Java, Python, CI/CD Pipelines, Infrastructure as Code

Categories
Technology, Security & Safety, Software, Engineering