Application Security Lead

Role: Application Security Lead

Location: Reading/Hybrid

Length: Permanent

A leading telecoms company are looking for an experienced Application Security Lead to join their team based in Reading.

Responsibilities:

• Provide guidance on application security architecture, DevSecOps best practices & solutions to help business units to build & deliver solutions that meet security requirements.
• Develop threat models and maturity assessments that can be used to integrate security requirements into projects & operations.
• Create an application security observability framework to enable greater GSOC visibility by identifying best practices for logging within common application architectures.
• Define and conduct application security threat and risk assessments with methodology for all deployed solutions with ability to integrate into development pipelines.
• Conduct Secure SDLC (Software Development Life Cycle) workshops and working groups to facilitate a consistent set of security baselines for application security.
• Advocate for AppSec and DevSecOps from research conducted into modern threats and new technologies such containerisation and serverless computing.
• Liaise with security architects and other business units to communicate security practices and processes.
• Support identification, training, and partnership with champions for security across to build a security first culture.
• Support security champions by helping them assess risk, learn to identify architectural gaps, and similar activities.
• Support development of training related to application security, security architecture, threat modelling, and secure coding.

Experience & Skills:

• A University Degree in engineering, computer science or similar technical related area, with vast experience in an AppSec role.

• Relevant security certification(s), preferably in AppSec, including but not limited to CISSP, CCSLP, GIAC, OCSP, GPEN, etc.

• You have knowledge and proven experience within Information security, Application security (OWASP), Cloud security, and secure continuous delivery.
• Experience with the full secure software or systems development life cycle, including requirements analysis, design, integration, testing, and implementation.
• A deep technical background in large-scale multi-tenant & container based cloud environments.
• Comfortable with large codebases that are using multiple languages and infrastructure as code.
• You are comfortable delving into code when needed, review pull requests and stay close to the team's work.
• A good understanding of business needs and objectives.
• Ability to drive change and take initiative in a self-sufficient way.
• Understanding of Agile development and systems thinking.
• Experienced in defining a strategy to follow and adopting that strategy across large multi-role teams.
• Outstanding interpersonal skills, and ability to build strong relationships across a dynamic, growing team.
• Can provide pragmatic technical leadership for a group of fast moving engineers.

Project People is acting as an Employment Agency in relation to this vacancy.