Connecting to LinkedIn...

Application Security Lead

Job Title: Application Security Lead
Contract Type: Permanent
Location: Reading
Industry:
Salary: bonus, car allowance, pension
Start Date: ASAP
REF: SB/PERM/ASL_1661442259
Contact Name: Sneha Betharia
Contact Email: sneha.betharia@projectpeople.com
Job Published: over 1 year ago

Job Description

Role: Application Security Lead

Type: Permanent

Location: Reading (Hybrid)

We have an exciting opportunity for Application Security Lead with one of our telecom clients.

Your duties and responsibilities:

  • Provide guidance on application security architecture, DevSecOps best practices & solutions to help business units to build & deliver solutions that meet company's security requirements
  • Develop threat models and maturity assessments that can be used to integrate company's security requirements into projects & operations
  • Create an application security observability framework to enable greater GSOC visibility by identifying best practices for logging within common application architectures
  • Define and conduct application security threat and risk assessments with methodology for all deployed solutions with ability to integrate into development pipelines
  • Conduct Secure SDLC (Software Development Life Cycle) workshops and working groups to facilitate a consistent set of security baselines for application security
  • Advocate for AppSec and DevSecOps from research conducted into modern threats and new technologies such containerisation and serverless computing
  • Liaise with security architects and other business units to communicate company's security practices and processes
  • Support identification, training, and partnership with champions for security across company to build a security first culture
  • Support security champions by helping them assess risk, learn to identify architectural gaps, and similar activities
  • Support development of training related to application security, security architecture, threat modelling, and secure coding

Knowledge and Experience required:

  • Experience with the full secure software or systems development life cycle, including requirements analysis, design, integration, testing, and implementation
  • In-depth knowledge of application security methodologies along governance processes and practices, including ISMS monitoring and control frameworks such as, ISO, ISF and COBIT, their relationships to other frameworks
  • Knowledge of Application Security, DevSecOps, integrating security into CI/CD
  • Hands on experience with application security testing tools and findings remediation
  • Experience collaborating with developers to explain testing vulnerabilities so they can be resolved
  • Experience with industry security standards and regulations (ISO 27001/02, NIST 800 series, GDPR, etc.)
  • Knowledge of security and risk management techniques as well as emerging threats and vulnerabilities
  • Knowledge of OWASP, Static and Dynamic Analysis, vulnerability management
  • Experience in software design, or knowledge of modern DevOps processes
  • Experience with application security in the Cloud - Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform
  • Ability to develop threat models and participate in security walk-throughs
  • Be able to lead multiple technology groups to ensure that the application, integration and security architectures are designed to meet evolving business requirements, standards for reliability, scalability and availability and align with the organization's technology and security roadmaps
  • Strong leadership and facilitation skills with an ability to build relationships with stakeholders
  • Excellent oral, written and interpersonal communication skills; proven ability and interest to conduct research, develop technical products in both written format and with presentations to subject matter experts and leadership
  • Highly self-motivated, self-directed and attentive to detail
  • A University Degree in engineering, computer science or similar technical related area, with a minimum of 6-8 years' experience in AppSec role
  • Relevant security certification(s), preferably in AppSec, including but not limited to CISSP, CCSLP, GIAC, OCSP, GPEN, etc. will be good to have

If this looks interesting, click on APPLY!

Project People is acting as an Employment Agency in relation to this vacancy.