
Lead Application Security Engineer - City of London

IT/Information/Cyber Security
Ref: 168 Date Posted: Monday 11 Sep 2023
Location: London
Work pattern: Hybrid, in the office 3 days per week.
Reports to: Head of Product Security
Salary: £90,000 to £100,000 + 10%
 
The Role
 
We are seeking an experienced and highly skilled Lead Application Security Engineer to join our team and spearhead the Product Security Life Cycle. In this critical role, you will collaborate closely with product teams, develop threat models, coordinate penetration tests, and facilitate the resolution of security issues. Your expertise will be crucial in developing and maintaining our application security pipeline automation while ensuring compliance with industry standards and best practices.
 
Responsibilities
• Establish and maintain strong relationships with product engineering teams, providing guidance on application security processes and objectives.
• Create comprehensive threat models and attack trees for our products, identifying potential vulnerabilities and areas for improvement.
• Manage the penetration testing process, working closely with third-party testers to generate detailed reports, recommend remediation strategies, and effectively communicate results to development teams and product owners.
• Ensure product risk levels align with business requirements and oversee the creation of risk memorandums with product owner sign-off.
• Collaborate with audit teams to guarantee compliance with relevant regulations and standards.
• Support GRC initiatives by conveying risk levels, enabling informed decisions on retesting schedules and priorities.
• Serve as a SME for product security, providing insights and recommendations to enhance overall security posture.
 
Required Experience & Qualifications
• Strong background in Application Security techniques and best practices
• Proficiency in threat modelling and risk assessment methodologies
• Solid understanding of Software Development principles
• Experience with programming languages such as Bash, Python, Node, and TypeScript
• Knowledge of penetration testing processes and report generation
• Expertise in leading security assessments within AWS environments
• Familiarity with development tools (e.g., Git, Jenkins, Maven)
• Hands-on experience with security testing tools, including Snyk, Checkmarx, Nikto, and Nmap
• Proficiency in SAST, DAST, and SCA vulnerability triage and assessment
• Agile project management experience (e.g., Jira)