Description

We are looking for a passionate and experienced hands-on Senior Application Security Engineer who will work alongside our engineering and development teams to provide advice and guidance on appropriate application security practices to keep our customers safe. This will include taking ownership of and directing the implementation of pragmatic, sensible security solutions and processes. The successful applicant will also be responsible for setting the direction of application security through the definition of policies and standards. The position also involves identification of opportunities to establish and take ownership of key application initiatives. The Cyber Security team is full of experienced operators who enjoy the challenge that comes with working for a fast-growing digital organisation, are passionate about protecting our customer data, and know how to have fun while doing it. We’re looking for a like-minded individual to be part of the team Duties Include: Drive the application security strategy. Educate, align and onboard highly technical development teams to drive a shared vision of application security that empowers our developers to build and release trustworthy products and services to our customers. Plan, build and run a custom, and mostly automated, Secure SDLC program for development teams. Work with technology leadership to enable a collaborative application security ecosystem that is driven by the development teams in partnership with the application security Partner with development teams to enable them to reduce application security backlog and build applications/services that are fundamentally secure in design. Stay across emerging security threats, countermeasures, and their application to the environment. Provide pragmatic forward-thinking recommendations to maintain and continually strengthen our security profile. Maintain security policy and standards for the secure development and operation of customer and internal products and systems, enabling effective protection of sensitive information. About You Senior level experience working with product development, software and/or security engineering. Extensive experience in roles focused on application or product security. Highly Desirable: Must understand fundamentals of secure software engineering. Appreciation of the fact that running more tools does not equate to more security. Understanding of technologies and security considerations within digital, mobile/web development and across enterprise environments. High level of comfort with secure application design and threat modeling approaches. Experience writing production level code will be a huge benefit. Experience with AWS Cloud technologies, and with working with DevOps/Agile ways of working. Awareness of emerging security trends, including threats and countermeasures Working knowledge of industry good practice including OWASP, PCI-DSS, ISO27001, NIST