London, Newcastle or Edinburgh
Lead Security Architect
The IT Security team are responsible for a range of activities across traditional IT Security domains including Security Event Monitoring, Vulnerability Management, Endpoint Security controls, Data Loss Prevention and Network Management & Security design. With a split between Security & Network Operations and Security Architecture, the collective team is very much technically focused.
IT Security works closely with the Information Security and Operational Risk & Audit teams to maintain a strong security & risk posture and effective operation and monitoring of key IT controls relative to these areas.
Bridging the Technical Security and Security Architecture specialisms, you will act as a Specialist focused on Web & Application Security, ensuring the security of our Client, Colleague and Company data by proactively managing risks around our Web Application environments and data security considerations.
Driving uplift of Security across our Application life cycle is key, and this is not a one-size-fits-all approach. Your experience of complex Security technical operating environments is where value can be brought.
Independence of thought and a high degree of self-drive are key expectations. The ability to influence others in Technical Security language and, when applicable, business risk language is also a key skill within this role.
As an Application Security Specialist, you will work as the subject matter expert on all matters related to Web & Application Security.
The Application Security Specialist role includes, but is not limited to, the following responsibilities:
• Perform Web / Application security reviews and recommendations where required to improve
• Perform installation, configuration, monitoring, operation and support of Web / Application security tooling
• Architect, Design and Implement Web / Application Security technical controls commensurate with Information Security classification and Risk outcomes.
• Continued development and maintenance of systems, procedures and documentation supporting Web Application security including vulnerability management
• Working closely alongside Integration and Development teams providing support on Web Application Security matters
• Review ongoing and proposed technical change projects to identify opportunities for reuse and process improvement within Web / Application realm
• Contributing to Security Architecture principles across Web Application domain
• Perform Web Application Threat modelling
• Supporting Penetration Testing activities
• Educated to university degree level is desirable; A-levels or their equivalent is a minimum expectation
• General or vendor-specific IT security qualifications expected, but demonstrable experience and knowledge are equally important.
• Demonstrable experience of complex Data Security considerations linked to Web Application design, deployment and testing aligned to Security and Privacy by Design.
• Working within a regulated environment and financial services organisation would be beneficial but not an absolute requirement.
Required skills are:
• Good knowledge of IT security principles
• Good IT technical knowledge
• Excellent understanding of Web Application Security concepts and principles
• Excellent understanding of web-specific security risks and common vulnerabilities for Web and Mobile applications.
• Excellent understanding of Data Security & Privacy by design principles.
• Able to work well both in a team and independently.
• A focused, methodical, and rigorous approach
• Strong organizational skills
• A mature, collaborative and professional attitude is essential
• Must be self-motivated and comfortable in driving initiatives forward
• Flexible – priorities and assignments will vary so candidates need to be able to re-organise and re-focus quickly
Preferred skills are:
• Knowledge and experience of Microsoft Azure Cloud stack and security controls
• Experience of assessing SaaS / hosted applications and migration support
• Best practice for securing APIs.
• Web Application / Application Pen Testing
• Exposure to agile software development methodologies and practices