Application Security Engineer

Posted 03 February 2022
Salary£60,000 per annum
LocationUnited Kingdom
Job type Permanent
DisciplineCyber Defence
Reference32753
Contact NameRyan Keeley

Job description

 Role Purpose

Our client is built around small development teams utilising a modern, cloud-based technology stack to deliver applications software. The AppSec Engineer will work with product and engineering teams to ensure security is assured throughout the software development lifecycle. We are looking for engineers that have touched on software development, security engineering, application engineering.

Job Description:

Lead

  • Assist in running the champion programme across the development teams

  • Educate developers in relevant security topics

  • Instruct and guide developers on how to conduct Threat Modelling during application Design

  • Lead application and code security reviews

Design

  • Build functional and non-functional requirements for the application in conjunction with the product team

  • Input abuse case stories into the product backlog

  • Evangelise security across the product team, ensuring security stories are prioritised against feature goals

  • Assess SDLC security gap risks and propose remedies

Consult

  • Be the main point of contact for security issue that arise from the development processes

  • Give development teams advice on technical security issues

  • Provide input into the design of security controls

  • Run Security Champion sessions involving developers and making sure their security knowledge stays up to date

Engineer

  • Work with the engineering teams to include security tooling into the CI/CD pipeline (DAST, SAST, SCA, etc)

  • Create security tests for software and help developers in building security tests.

Innovation

  • Research projects, including prototyping, to explore future opportunities that will benefit the company

  • Optimise the infrastructure deployment process through use of automation, in-house and open source solutions

  • Self-Development and Growth

  • Develop new skills by working with other members of the team

  • Work with the Team Lead to identify training goals

  • Lead and partake in technical discussions within the team

  • Actively identify and complete opportunities for self-training and external training

  • Drive the team’s process of continual improvement

What we are looking for:

  • Knowledge of Application topics (common vulnerabilities, mitigations, tooling)

  • Understanding of the Software Development Life Cycle