Working for a security vendor, the Security team are accountable for the company’s Information Security, Security Architecture, Security Compliance, Security Awareness, Security Operations and Information Security Risk Management Activities. You’ll work closely with development and operational teams to design, implement/recommend application security controls.
This is a new role for the company requiring a passion for cyber security and a hands-on development background to create and develop the application security capabilities as part of the SDLC. Ideally you will have a background in software development.
Main tasks and responsibilities:
- Assess and identify gaps in current application security controls and provide guidance to resolve and remediate based on risk to the business
- Working with the DevOps teams, establish and design processes to improve the secure development of products and services during the SDLC
- Provide guidance and support during development and rollout of new product features by understanding their requirements and modelling/evaluating likely threat vectors
- Provide security expertise and guidance to the Development Teams
- Promote a security-focused culture as part of the SDLC, educating DevOps teams in security best practices
- Conduct/Lead threat modelling and security design activities alongside Dev/Engineering Teams
- Work with 3rd parties to support vulnerability and penetration testing
- Process reports from external penetration testing vendors and coordinate feedback with teams to ensure actions are followed to mitigate identified risks
Skills and experience:
- Software engineering background is a must, with knowledge of Application Security Frameworks, e.g. OWASP SAMM, DSOMM, etc.
- Hands-on knowledge of information security processes such as security design review, threat modelling, OWASP Top 10, risk analysis, and software testing techniques
- Strong understanding of application security awareness, including the security of web applications
- Experience with risk management activities – identifying, assessing and providing remediation options for application and technology risks
- Knowledge of Agile methodologies is a must
- Knowledge of backend and frontend web application vulnerabilities
- Knowledge of OWASP Top 10, SANS Top 25, etc.
- Experience working in AWS/Azure/GCP would be beneficial
- Knowledge of CI/CD pipelines
- Thorough understanding of SAST, DAST (including fuzzing), endpoint and perimeter scanning etc.
- Familiarity with industry security standards (ISO 27001, NIST, CCM, etc.)
- Network and infrastructure experience.
- Experience with API gateway security, WAF and IDS, SSO, SAML, etc.
- At least one professional security certification, e.g. CISSP, CEH, GCIH, GCFA, CSSLP, etc., or working towards one
- Excellent analytical skills with the ability to see the bigger picture
- Excellent communication skills with the ability to influence multiple stakeholders
- Ability to self-motivate and define priorities to meet deadlines
- Good team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles
- Ability to effectively present and communicate security threats and risks to any audience and impress upon them the mitigation techniques and strategies
Benefits:
- Competitive salary and flexible benefits
- Flexible locations / remote