Application Security Engineer

We are seeking an experienced Application Security Engineer to join our team and play a crucial role in ensuring the security of our applications and software systems. You will assess and mitigate security risks in our applications, conduct security code reviews, implement security best practices, and collaborate with development teams to enhance our application security posture. You will perform vulnerability assessments, recommend remediation actions, and ensure compliance with industry best practices and standards.

The ideal candidate has strong knowledge of secure coding practices, application vulnerabilities, and security assessment tools.

• Application Security Assessment: Conduct thorough security assessments of applications, including web, mobile, and desktop applications, to identify vulnerabilities and potential security risks. Perform static code analysis, dynamic application testing, and manual code reviews to uncover security weaknesses and recommend appropriate remediation actions.
• Vulnerability Management: Identify and prioritise application vulnerabilities based on risk levels and potential impact. Collaborate with development teams to ensure timely resolution of identified vulnerabilities and track the progress of remediation efforts. Develop and implement vulnerability management processes and procedures.
• Security Code Review: Review application code to identify security flaws, design weaknesses, and deviations from secure coding best practices. Provide guidance and recommendations to development teams on secure coding techniques, libraries, and frameworks to ensure the development of secure and resilient applications.
• Security Architecture and Design: Collaborate with software architects and development teams to embed security controls and mechanisms into application designs. Participate in the design and implementation of secure software architectures, ensuring that security requirements and industry best practices are incorporated from the early stages of the development lifecycle.
• Security Testing and Automation: Develop and implement automated security testing tools and frameworks to enhance the efficiency and effectiveness of security assessments. Conduct penetration testing and vulnerability scanning to identify potential vulnerabilities and ensure the security robustness of applications.
• Security Awareness and Training: Contribute to the development and delivery of security awareness and training programs for development teams. Promote a culture of secure coding practices, providing guidance on secure coding standards, secure software development methodologies, and emerging security trends.
• Incident Response and Forensics: Assist in incident response activities related to application security incidents. Collaborate with incident response teams to investigate and analyse security incidents, perform forensic analysis, and recommend improvements to prevent future incidents.
• Security Compliance and Standards: Stay up to date with industry security standards, regulations, and frameworks relevant to application security. Ensure compliance with security standards such as OWASP, PCI DSS, and GDPR, and participate in security audits and assessments as required.

• Bachelor's degree in Computer Science, Information Security, or a related field
• Strong knowledge and understanding of application security principles, secure coding practices, and common vulnerabilities
• Hands-on experience with application security assessment tools
• Experience in performing security code reviews and manual application penetration testing
• Solid understanding of secure software development lifecycle (SDLC) methodologies
• Knowledge of secure coding practices for web and mobile applications
• Understanding of cloud security concepts and technologies (AWS, Azure, or similar)
• Excellent leadership and delegation skills; influencing and managing activities as part of a cross functional areas to plan and execute effective delivery
• Excellent communication skills, with a strong ability to effectively communicate both internally and externally at levels up to Director and C Suite, and ability to make complex technology problems simple to the business. Must be capable of understanding and communicating the big picture
• Strong negotiation skills with proven ability to maintain relationships with stakeholders and to influence stakeholders in support of project delivery
• Strong analytical and problem-solving skills, with the ability to assess risks and propose effective security solutions
• Robust relationship management, capable of working with all levels within the organisation by building effective relationships
• Highly motivated, driven, pragmatic and completely focused on project delivery for business benefit