Application Security Engineer - Chesterton

Client Server
Cambridge, United Kingdom
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
£ 70K

Job location

Remote
Cambridge, United Kingdom

Tech stack

Java
Software System Penetration Testing
Burp Suite
C++
Code Review
Python
Open Web Application Security
Software Engineering
SQL Injection
SQL Databases
Software Security
Cross-Site Scripting (XSS)
DevSecOps
Static Application Security Testing
Dynamic Application Security Testing

Job description

  • Build security into applications by conducting threat modeling and risk assessments during the design phase
  • Define security requirements for new features and participate in architecture reviews to identify potential risks early
  • Work closely with development teams to conduct secure code reviews and provide guidance on best practices
  • Ensure alignment with CIS Critical Security Controls and the OWASP Top 10
  • Collaborate with engineers to embed security into development workflows
  • Perform hands-on security testing across various environments, executing Dynamic Application Security Testing (DAST) against live applications
  • Focus on key issues such as cross-site scripting, SQL injection, and broken access control
  • Utilize Interactive Application Security Testing (IAST) tools for runtime analysis and Static Application Security Testing (SAST) for source code assessment

Technologies:

  • DevSecOps
  • Java
  • OWASP
  • Python
  • SQL
  • Security

Requirements

  • Strong understanding of the secure software development lifecycle and DevSecOps principles
  • Good knowledge of Application Security principles and common vulnerabilities (e.g., XSS, SQL Injection, Broken Access Control)
  • Hands-on experience with DAST, IAST, and Penetration Testing tools (e.g., Burp Suite, OWASP ZAP, Frida) and Static Application Security Testing (SAST)
  • Ability to read and understand code (e.g., Java, Python, C++ or similar)
  • Familiarity with software composition analysis (SCA) tools such as Black Duck, Mend / WhiteSource, Snyk or similar
  • Collaborative and pragmatic approach with strong communication skills

About the company

We are a market-leading software house based in Cambridge, offering a hybrid working model with the flexibility to work from home most of the time. Our remote access product is used by hundreds of millions of users worldwide. We provide a competitive salary of up to £70k, along with a bonus, pension, private medical care, life assurance, travel insurance, subsidised gym membership, and a range of other perks. At our company, we believe in fostering a diverse workplace where people can leverage their strengths and continuously learn.
