Application Security Test Engineer

Client Server
Cambridge, United Kingdom
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
£ 70K

Job location

Remote
Cambridge, United Kingdom

Tech stack

Java
Software System Penetration Testing
Burp Suite
C++
Code Review
Python
Open Web Application Security
Software Engineering
SQL Injection
Software Security
Cross-Site Scripting (XSS)
Devsecops
Static Application Security Testing
Dynamic Application Security Testing

Job description

As an Application Security Test Engineer you'll play a key role in building security into applications, carrying out threat modelling and risk assessments during the design phase to ensure solutions are secure by default. You'll help define security requirements for new features and take part in architecture reviews to spot and address potential risks early.

Working closely with development teams, you'll carry out secure code reviews and provide guidance on best practices, including alignment with CIS Critical Security Controls and the OWASP Top 10, collaborating with engineers to embed security into development workflows rather than treating it as an afterthought.

You'll be hands-on with security testing across a range of environments, running Dynamic Application Security Testing (DAST) against live applications, focusing on issues such as cross-site scripting, SQL injection and broken access control. You'll also use Interactive Application Security Testing (IAST) tools for runtime analysis, including tools such as Burp Suite, OWASP ZAP and Frida, alongside Static Application Security Testing (SAST) and software composition analysis to assess source code, binaries, and third-party dependencies.

You can work from home most of the time, meeting up with colleagues in the Cambridge office on a weekly / monthly basis.

Requirements

  • You have a strong understanding of the secure software development lifecycle and DevSecOps principles
  • You have a good knowledge of Application Security principles and common vulnerabilities (e.g., XSS, SQL Injection, Broken Access Control)
  • You have hands-on experience with DAST, IAST and Penetration Testing tools (e.g., Burp Suite, OWASP ZAP, Frida) and Static Application Security Testing (SAST)
  • You can read and understand code (e.g. Java, Python, C++ or similar)
  • You're familiar with using software composition analysis (SCA) tools such as Blackduck, Mend / Whitesource, Snyk or similar
  • You're collaborative and pragmatic with great communication skills

Benefits & conditions

You could be joining a market-leading software house whose remote access product is used by hundreds of millions of users worldwide.

What's in it for you:

  • Salary to £70k
  • Bonus
  • Hybrid working
  • Pension, Private Medical Care, Life Assurance, Travel Insurance
  • Subsidised gym membership and a range of other perks
