Senior Application Security Engineer

Recruiter: Badenoch & Clark
Location: Nottingham
Salary: 65000.00 - 80000.00 GBP Annual + excellent benefits
Posted: 05 Jul 2015
Closes: 07 Jul 2015
Contract Type: Permanent
Hours: Full Time

Senior Application Security Engineer - AppSec, Threats, Testing
GBP80,000
Midlands with home working

An Application Security Engineer is required to assist in the build and growth of an Application Security function within the UK division of a global financial services firm. This role will be based at my client's head office in the Midlands, but offers flexibility around working from home. The Application Security Specialist will be responsible for collaborating closely with application developers and engineering teams through threat assessment and secure design as part of my client's global Application Security programme.

My client are one of the largest banks in the U.S., and are looking to increase their Information Security presence within the UK market. They have over 60 million customers and are looking to increase their market share rapidly over the next 3 years. They have recently undergone a large internal Agile project as well as moving their business towards a digital focus. My client have consistently been named one of the best places to work in the UK and Europe for a number of years.

The Role
Information Security is an integral part of my client's corporate culture. It is essential to maintaining their position as a leader in the finance industry, and it is the responsibility of each and every employee to safeguard information, protect it from unauthorised access, and ensure regulatory compliance.

You will instill a culture that works toward the highest standards in application security engineering whilst ensuring that business requirements are adhered to, and security risks in new and existing applications are properly understood and mitigated.

Job Scope
- Provide leadership and hands-on direction during the design and development of applications utilising a threat-based approach to support the business strategy
- Partner with all relevant stakeholders to embed application security requirements as part of their programs and strategy
- Help drive my client's competitive advantage by facilitating the development of secure web and mobile applications
- Collaborate closely with colleagues within the wider global Information Security organisation and technology departments

Responsibilities
- Assist with the creation, adoption, and maturation of threat modelling and application security requirements functions and processes
- Coordinate and execute threat modelling activities during agile iterations
- Provide targeted application security requirements based on design, threats, and industry best practices
- Empower delivery team resources by promoting application security awareness and standards through training, mentoring, and Communities of Practice
- Influence delivery teams in the prioritisation of security activities and issue remediation
- Evaluate and recommend new and emerging application security products and technologies in coordination with the global Application Security group
- Coordinate the maintenance of the UK application inventory and risk profiles with delivery teams
- Perform manual code reviews, open source software evaluations, and tests as needed
- Establish credibility throughout the organisation by earning the reputation for being a proactive leader, positive disrupter and change agent
- Provide recommendations to the local management team to increase the security effectiveness of organisation and technology solutions

Background
- Extensive knowledge and demonstration of experience in securing web applications, mobile apps, and APIs/web services
- Strong knowledge of application security best practices including OWASP Top 10 and OWASP Mobile Top 10, along with an engineering-oriented background
- Strong knowledge of web and mobile application security testing frameworks and methodologies
- Experience conducting threat modelling exercises for web and mobile E-commerce applications
- Experience with enterprise application security and open source security tools including HP Fortify Source Code Analyzer (SCA), HP Software Security Center (SSC), HP WebInspect, BurpSuite, and Sonatype CLM
- Experience and familiarity working across the global cyber security community
- Technical knowledge in software engineering, system and network security, authentication and security protocols, cryptography, and network/web related protocols (e.g., TCP, UDP, HTTP, HTTPS)
- Knowledge of/experience with international compliance requirements/standards (PCI-DSS, GLBA, SOX, UK DPA) and other security regulation requirements
- Certifications such as CISSP, CSSLP, or appropriate SANS Certifications such as GWEB highly desirable
- Ability to travel as needed

Minimum Qualifications
- Undergraduate degree in computer science, electrical engineering, information science, or a related technical discipline (or equivalent)
- Extensive experience in application security engineering
- Experience developing web and mobile applications preferred

Badenoch & Clark is acting as an Employment Agency in relation to this vacancy. Badenoch & Clark is an Equal Opportunity Employer and a registered Disability Symbol User.