Head of Application Security (2034/21) - Canary Wharf

£175,000 - IT/Information/Cyber Security
Ref: 27 Date Posted: Monday 11 Nov 2019

Position Summary:

Seeking a motivated and collaborative security leader to run our rapidly growing application security team and our secure development lifecycle program. The person in this role will also lead in building the application security strategy, design, deployment, and operations of all of our systems. This role requires impeccable interpersonal skills as well as a deep understanding of architecture and products.
The role holder must be technical and collaborative with an ability to influence technology leaders to build security into the Software Development Lifecycle.

Primary Responsibilities 

Create a relevant strategy and vision for application security to ensure the reduction of risk on the applications.
Refine and drive widespread adoption of our secure development lifecycle process 
Build partnerships with other development teams and be a source of expertise in security best practices.
Recruit, mentor and grow your team of application security analysts 
Develop and deliver engaging and memorable security trainings 
Project manage all application security team initiatives and 
Manage enterprise-wide penetration tests
Provide detailed guidance and support to teams in application vulnerability remediation 
Guide your team in selecting and implementing automated application scanning, static analysis and related tools 
Perform threat modelling, architecture and source code reviews.
Provide application security guidance on cloud environments as well as non-cloud environments
Communicate relevant metrics and trends to the technology leadership team.
Ensure stakeholder satisfaction


Security leaders with deep empathy and a passion for helping others grow 
Generalists who love learning new things and concocting creative security solutions for novel and risky functionality 
5+ years of prior team lead or people management experience
7+ years’ experience in some combination of the following disciplines: web application security, cloud security, infrastructure security, penetration testing, secure software development, security tools development, architecture review and threat modelling 
Experience with AWS, Java, Python, Ruby, and other modern open source languages and tools
Experience with static code analysis tools (Fortify)
Experience with dynamic code analysis tools (WebInspect)
Deep understanding of common web application attacks