Lead Application Security Engineer

Salary: up to £100,000 + Excellent Benefits Package

Location: UK (Remote)

A global organisation with its headquarters in the UK are looking for an Application Security Engineer be a leader within Software Security / Application Security. This individual will be responsible to create and develop the application security capabilities as part of the SDLC. The organisation are global specialists in digital identity.

This organisation enable fast and simple customer onboarding whilst reducing risk of fraud and work with many of the world’s leading organisation. They balance the growing need of a frictionless digital customer experience with the increasing risk of fraud and financial crime.

The Lead Application Security Engineer will be experienced in Software level security and will be responsible for embedding security controls and processes within the SDLC. This individual will be part of a group that is responsible for improving the organisations Software Security posture and maturity. They will have the opportunity to effect real change across the development organisations by designing and implementing Application Security controls and best practices.

Responsibilities

• Part of a team that is responsible for the overall software security posture of the organisation.
• Working closely with development and operational teams to design, implement/recommend application security controls.
• Assess and identify gaps in current application security controls and provide guidance to resolve and remediate based on risk to the business.
• Work with the DevOps teams to establish and design processes to improve the secure development of products and move to a DevSecOps culture.
• Lead threat modelling and security design activities alongside development teams.
• You will be expected to model/evaluate likely threat vectors during the development of new product features.
• Act as a security champion within the organisation to promote a security-focused culture within the SDLC and will be responsible to educate DevOps teams in security best practices.
• Working with the CI/CD pipeline to install software security controls and processes.
• Be a Security evangelist on secure design best practices and principles.
• Work with 3^rd parties to support vulnerability and penetration testing.
• Process reports from external penetration testing. Co-ordinate feedback with relevant teams to ensure actions are followed to mitigate identified risks.

Requirements

• Knowledge of Application Security Frameworks e.g. OWASP, SAMM/DSOMM etc
• Hands on knowledge of information security processes such as security design review, threat modelling, software testing techniques, risk analysis, OWASP top 10 etc
• Knowledge in the security around web applications
• Knowledge of agile methodologies
• Knowledge of CI/CD pipelines
• Knowledge of backend and frontend  web application vulnerabilities
• Experience working in GCP / Azure / AWS
• Familiar with industry security standards (ISO27001, NIST etc)
• Profession Security certification is preferred
• Development experience is preferred, but not a must

If you believe you have the skills and experience and would like to be considered for this position as an Application Security Engineer, please apply today.

Alternatively, if this role is not for you but you do know somebody who would be interested please refer him or her. We have a referral bonus scheme and will reward you with retail vouchers for referrals who are not already known to us.

Due to the high volume of applications received, if you do not hear from us within 7 working days, I am afraid your application has been unsuccessful.

Acumin – RSR Digital is member of the Red Snapper Group.

The Red Snapper Group acts as an employment agency (permanent) and as an employment business (temporary) - a free and confidential service to candidates.

The Red Snapper Group is an equal opportunities employer.