Our client, a global provider of IT services, requires Application Security Engineers for 3-month rolling contracts which will be based in one of the following cities: Manchester, London, Gloucester, Edinburgh or Bristol. Some remote working is available.
We are looking for candidates with at least 6 years' experience as an Application Security Engineer.
- Provide the following capabilities as required by the project or determined by the workload alignment:
  o Security Architecture
  o Security Engineering and Design
  o Security Consultancy
- Work with the engineering lead and project architect to deliver a security solution
- Analyse security risk within each design as appropriate to the scope and ensure that all interested stakeholders are informed or consulted where necessary.
- Design security controls in compliance with group-wide security standards and configuration workbooks
- Where necessary, support the project in articulating waivers related to security design decisions taken.
- Take the lead on security architecture decisions and issues where the problem scenario is not covered by a pattern or standard. Seek guidance from Security Specialists where appropriate
- Collaborate with alternative technical resources with the goal of supporting projects in the production of design documentation, e.g. Technical Solution Designs (TSDs), or security documentation where necessary.
- Ensure that the drivers of Cost, Pace and Quality are maintained during production of or contribution to design artefacts.
- Provide security design engineering effort that leads to the creation of high-quality solutions that comply with all relevant group-wide policies and Security Standards.
- Provide security support for assigned projects at review committees, boards or forums in order to facilitate the project through governance.
- Provide support for projects as they move into the delivery stage at a level suitable to ensure that the solution is implemented as per the design. Ensure the solution is taken back through governance where the design has changed during the implementation cycle.
The candidate should have technical experience and demonstrable skill in one or more of the following areas:
- Application security, including web applications, SaaS services, etc.
- Static and Dynamic Security testing tools experience
- Review and recommend mitigations for application vulnerability reports.
- Secure by design principles
- Guide development teams based on the security requirements
- Scope the penetration testing and review/triage the reports
- Comfortable with the OWASP and SANS top vulnerabilities
- In-depth knowledge of CI/CD pipelines and pipeline integrations
- Any prior application programming experience would be helpful
- API authentication, authorization, CRUD definitions
- Comfortable understanding and responding to high-level queries related to REST, SOAP, JSON and XML