Address
Form of work
SalaryApplication Security Engineer (AppSec Engineer)
My client within financial services is looking for an Application Security Engineer, who will be responsible for defining and maintaining consistent Secure Software Development Life-cycle practices for all of my client's technology projects throughout the planning and delivery cycles, assuring the mitigation of Application Security vulnerabilities. You will help to define and improve the global Application Security programs and services; you will eventually lead the team, as well as sharing your knowledge and expertise with other colleagues.
In this position, you are expected to be a passionate and talented Application Security Engineer with a very deep understanding of OWASP, CWE 25, data protection, access management software vulnerabilities, best practices design and threat modeling skills. You must be dedicated and able to work with developers in a dynamic environment to produce secure code in short time frames.
Experience
- Deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
- Any experience of Integrating SAST/DAST/SCA scanners. Performing secure code reviews. Threat-modeling, Penetration testing APIs/web/mobile apps, managing Bug-bounty program
- Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment
- Well versed in web application design, penetration testing, application risk assessment and risk categorisation
- Web Application: Vulnerability Assessment and Penetration Testing Network Vulnerability Assessment and Penetration Testing
- Well versed (experience preferred) with driving and implementing secure development practices in to SDLC (SSDLC); ability to successfully integrate security into a developer's world
- Success in implementing effective Secure SDLC frameworks across a large corporation.
- Ability to effectively present and communicate security threats and risks to any audience and impress upon them the mitigation techniques and strategies
- Familiar with waterfall and agile development processes and have experience integrating secure development practices into both models.
- Familiar with code management system (e.g.: BitBucket), CI/CD system (e.g.: Jenkins), Docker, Kubernetes, microservice architecture, OAuth 2.0, OpenID Connect.
- Deep knowledge and experience in using SAST, DAST, IAST, SCA and fuzz testing tools
- Highly effective communicator; well-honed influencing and negotiating skills
- Solid problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
- Any experience of working within financial services, banking, fintech would be useful
This is a permanent role paying between £85,000 - £100,000 base. This will be a hybrid role based in the London office with a requirement of at least 2 days in the office.
Sponsorship can be provided for the applicant only (no dependents) for this role. This applies to candidates who are already working and based in the UK and not living overseas.
Please note you will receive an automated response advising you that we have received your CV.
Morgan Philips Group is a global talent solutions business that disrupts conventional thinking in executive search, recruitment and talent consulting. We operate in over 18 markets in Europe, North & South America, Asia, and the Middle East & Africa. We understand that the future is digital and social, so we embrace the latest technology, including video ads and CVs, as well as social recruiting. Our innovative services are tailored to the new world of work yet we do not lose sight of the fact that employees be they existing and potential are ultimately human beings.
We are committed to ensuring that all job applicants are treated equally, without discrimination because of gender, sexual orientation, marital or civil partner status, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age.
