Connecting to LinkedIn...

Application Security Lead

Job Title: Application Security Lead
Contract Type: Permanent
Location: Reading
Industry:
Salary: Negotiable
REF: APPSL_1664897813
Contact Name: Amber Lowman
Contact Email: Amber.Lowman@projectpeople.com
Job Published: over 1 year ago

Job Description

Application Security Lead

Permanent, Hybrid

Reading

Leading Telecommunication Services Provider require a skilled Applications Security Lead to join their team in Reading.

Your duties and responsibilities:

  • Provide guidance on application security architecture, DevSecOps best practices & solutions to help business units to build & deliver solutions that meets security requirements
  • Develop threat models and maturity assessments that can be used to integrate security requirements into projects & operations
  • Create an application security observability framework to enable greater GSOC visibility by identifying best practices for logging within common application architectures
  • Define and conduct application security threat and risk assessments with methodology for all deployed solutions with ability to integrate into development pipelines
  • Conduct Secure SDLC (Software Development Life Cycle) workshops and working groups to facilitate a consistent set of security baselines for application security
  • Advocate for AppSec and DevSecOps from research conducted into modern threats and new technologies such containerisation and serverless computing
  • Liaise with security architects and other business units to communicate security practices and processes
  • Support identification, training, and partnership with champions for security across the client to build a security first culture
  • Support security champions by helping them assess risk, learn to identify architectural gaps, and similar activities
  • Support development of training related to application security, security architecture, threat modelling, and secure coding

Knowledge and experience

  • Experience with the full secure software or systems development life cycle, including requirements analysis, design, integration, testing, and implementation
  • In-depth knowledge of application security methodologies along governance processes and practices, including ISMS monitoring and control frameworks such as, ISO, ISF and COBIT, their relationships to other frameworks
  • Knowledge of Application Security, DevSecOps, integrating security into CI/CD
  • Hands on experience with application security testing tools and findings remediation
  • Experience collaborating with developers to explain testing vulnerabilities so they can be resolved
  • Experience with industry security standards and regulations (ISO 27001/02, NIST 800 series, GDPR, etc.)
  • Knowledge of security and risk management techniques as well as emerging threats and vulnerabilities
  • Knowledge of OWASP, Static and Dynamic Analysis, vulnerability management
  • Experience in software design, or knowledge of modern DevOps processes
  • Experience with application security in the Cloud - Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform
  • Ability to develop threat models and participate in security walk-throughs
  • Be able to lead multiple technology groups to ensure that the application, integration and security architectures are designed to meet evolving business requirements, standards for reliability, scalability and availability and align with the organization's technology and security roadmaps
  • Strong leadership and facilitation skills with an ability to build relationships with stakeholders
  • Excellent oral, written and interpersonal communication skills; proven ability and interest to conduct research, develop technical products in both written format and with presentations to subject matter experts and leadership
  • Highly self-motivated, self-directed and attentive to detail
  • A University Degree in engineering, computer science or similar technical related area, with a minimum of 6-8 years' experience in AppSec role
  • Relevant security certification(s), preferably in AppSec, including but not limited to CISSP, CCSLP, GIAC, OCSP, GPEN, etc. will be good to have

Please apply via this site in the first instance, or send a CV with a covering note to Amber.Lowman@projectpeople.com

Project People is acting as an Employment Business in relation to this vacancy

Project People is acting as an Employment Agency in relation to this vacancy.