Lead Application Security Engineer

Spencer Rose Ltd
Bristol, United Kingdom
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
£ 100K

Job location

Bristol, United Kingdom

Tech stack

API
Amazon Web Services (AWS)
Continuous Integration
GitHub
Systems Development Life Cycle
Secure Coding
Systems Integration
Software Vulnerability Management
Software Organization
Software Security
Static Application Security Testing
Dynamic Application Security Testing

Job description

An impressive financial services business is looking to hire a Lead Application Security Engineer to support the team with risk and remediation activities. The business is going through a big technology transformation programme that is estimated to take 3-5 years. The successful Lead Application Security Engineer will be part of this journey, with great technical exposure and the ability to progress rapidly. Working within one of the transformation projects, the successful Lead Application Security Engineer will work closely with the wider security and technology teams to define the strategy and roadmap of technology changes moving forward. This is very much a player-manager role, with the Lead Application Security Engineer being hands-on day to day but also providing support and guidance to the rest of the AppSec team.

  • Support the existing team, providing mentoring and fostering a collaborative team environment
  • Take a pragmatic, risk-based approach to supporting the wider technology teams with the SDLC
  • Foster strong relationships with engineering, architecture, platform and platform management to provide practical, risk-appropriate guidance
  • Set the priorities for the AppSec team to make sure that the delivery of the AppSec services is impactful

Application Security Technical Authority

  • Act as the SME for application security in the business and ensure that security controls are adopted early into the CI/CD pipelines
  • Own and run the DAST, SAST and other AppSec tooling to ensure effective coverage across all in-scope applications
  • Create, roll out and maintain secure development practices and standards, including threat modelling and secure coding practices, for all applications and APIs
  • Collaborate with the Vulnerability Engineering Lead to support the identification, triage and remediation programmes in alignment with risk appetite, appropriate prioritisation and agreed SLAs

Requirements

  • Experience in a similar role, in both responsibility and scale
  • Proven experience in Software Security Development or Application Security
  • Proven experience in leading/coaching a team
  • Hands-on experience with implementing and operating AppSec tooling, e.g. SAST and DAST, secrets management, and SCA
  • Extensive experience of integrating security into the CI/CD pipeline, e.g. using AWS DevOps or GitHub
  • Strong history of secure coding practices, threat modelling and vulnerability management in production
  • Strong understanding of modern software development practices
