Expert Application & Product Security

Grade: L2
Location: Islamabad
Last date to apply: 26 April 2026
What is Expert Application & Product Security?
Expert Application & Product Security is responsible for driving the secure design, development, and deployment of digital products. This role is responsible for embedding security across the software development lifecycle (SDLC), securing APIs and microservices, and ensuring products are resilient against evolving cyber threats.
The main responsibility of this role is to safeguard software applications against potential threats and vulnerabilities by analyzing and effectively testing the implementation of different application security controls, protecting the organization's digital footprint from cyber threats.
The role reports directly to the Stream Head Cyber Security, with an extended team of 11 members.
What does Expert Application & Product Security do?
1. Define and lead the Application Security (AppSec) strategy across all products
2. Establish secure SDLC (SSDLC) frameworks and governance
3. Develop policies, standards, and secure coding guidelines
4. Align AppSec with enterprise risk management and business objectives
5. Conduct threat modelling (STRIDE, attack trees) for applications and platforms
6. Review and approve secure architectures for:
a. Web and mobile applications
b. APIs and microservices
c. Cloud-native platforms
7. Enforce best practices based on OWASP standards (Top 10, ASVS, API Top 10)
8. Integrate security into CI/CD pipelines:
a. SAST, DAST, SCA, IAST
9. Automate security testing and policy enforcement
10. Work closely with DevOps teams to implement “shift-left” security
11. Define security gates and release criteria
12. Secure externally exposed products and services
13. Implement API security controls:
a. Authentication (OAuth2, JWT)
b. Rate limiting, bot protection
14. Protect against:
a. Injection attacks
b. Broken authentication
c. Business logic abuse
15. Secure Android/iOS applications:
a. Reverse engineering protection
b. Runtime protection (RASP)
c. Secure storage & communication
16. Conduct mobile app security testing
17. Implement API gateways and secure API lifecycle management
18. Conduct secure coding training for developers
19. Provide remediation guidance and best practices
20. Build a security-first culture within software engineering teams
JazzWorld is an equal opportunity employer. We celebrate, support, and thrive on diversity and are committed to creating an inclusive environment for all employees.
What are we looking for and what does it take to be Expert Application & Product Security?
- BS/MS in Cyber Security/Information Security/Information Technology
- Practical experience of application security in Banking / Telco sector
- At least 04 years of experience in security design and penetration testing of mobile applications & APIs
- Functional
  - Ability to organize, plan and document tasks
  - Ability to manage internal & external stakeholders
  - Possess good logical and analytical skills to help in analysis of Cyber Security risks
- Technical
  - Strong expertise in:
    - Web application security (OWASP Top 10)
    - API security and microservices
    - Authentication & authorization models
  - Experience with manual penetration testing
  - Hands-on with:
    - SAST: Checkmarx, Fortify, SonarQube
    - DAST: Burp Suite, OWASP ZAP
    - SCA: Snyk, Black Duck
  - Understanding of:
    - Java, .NET, Node.js, Python (at least one deeply)
    - CI/CD pipelines (Jenkins, GitLab, GitHub Actions)
  - Familiarity with Infrastructure as Code (Terraform, etc.)
  - Lead and mentor Application Security Testers
  - Define KPIs and performance metrics
  - Stakeholder management across Dev, QA, Product, and Risk teams
Why join JazzWorld?
As a certified Top Employer, JazzWorld reflects workplace standards benchmarked against leading global organizations, demonstrating our commitment to creating an environment where people can thrive and perform at their best. Our teams are driven by the belief that every JazzWorld employee should be inspired to live better every day, enabled by forward-looking leadership, an open culture, meaningful work, and continuous opportunities to learn and grow.
Our core values - Customer Obsession, Truthful, Innovation, Collaboration, and Entrepreneurial - shape how we think, decide, and lead. They encourage us to challenge convention, act with accountability, work as one team, and create solutions that truly matter for our customers and communities.
As Pakistan's largest digital operator, JazzWorld serves over 100 million through connectivity, digital services, financial inclusion, entertainment, and insurance. Joining us means being part of transformation at a national scale: expanding access, unlocking opportunity, and building a more connected digital future.
At JazzWorld, everything we do is rooted in one shared ambition. This purpose defines how we work, the progress we enable, and the difference we strive to make every day: a Better Life For All.