We are seeking a proactive and collaborative Application Security Engineer who speaks the language of developers, thrives in the purple team space and is an automation advocate. The successful candidate will work closely with engineering & IT teams to enhance the security of our applications, APIs and infrastructure by implementing preventative controls and identifying risks through security testing.
You Will:
- Act as a security champion to foster the secure by design approach across the business.
- Support the identification and analysis of web application security vulnerabilities across the business to reduce risk.
- Oversee daily management of application security platforms to maintain comprehensive coverage, ensure compliance and remediation of findings.
- Conduct threat modelling and review application architectures to identify potential risks early in the SDLC.
- Implement application security controls and proactive measures to prevent security incidents.
- Implement and manage SAST/SCA tooling across our application repositories to identify source code risks.
- Scale automated DAST solutions across our applications to maximise testing coverage and provide visibility into runtime security posture.
- Provide security guidance and remediation advice to engineers where applicable.
- Carry out penetration testing on internally developed applications to identify security defects.
- Review and assess the security of third-party vendor applications through configuration and hardening reviews.
- Validate remediation of security issues by the development team and 3rd parties.
- Coordinate and arrange external penetration testing assessments to independently evaluate the security of our applications.
- Build and maintain effective collaboration with development and IT teams.