Application Security Engineer
Information Security believes that just saying "No" ultimately leads to people finding ways of working around, instead of working together. This ultimately leads to a less secure environment. We want to create a culture of "Yes" and enable our developers to remain agile and be able to deliver secure products for the business.
Our development team believes that code is craft, writing software is a creative endeavor, and that the work we do is part of what makes our organization successful. We believe that small, empowered teams can do amazing things. We also believe in always picking the right tool for the job instead of using something "because that's what we've always done."
We use a number of technologies in our projects, including:
- Microsoft Azure
- Jira, Confluence, and Bitbucket
- PHP with Zend Framework, Slim, and Doctrine 2
- Bootstrap, Semantic UI and Ant Design
- SQL Server, MariaDB, and ElasticSearch
- REST & GraphQL APIs with OpenAPI (formerly Swagger)
- Automated testing tools, including PHPUnit, Behat, Jest, Karma and Jasmine
As an Application Security Engineer, you will ensure that any software developed by our Development team meets our overall security standards and protects XXXXX's information. You will lead all Application Security activities and be the driving force behind building out activities such as threat modelling, security automation in our continuous integration pipeline, code reviews, security standards, and creating our Security
What you'll do?
- Work with many functional teams to build out a DevSecOps pipeline and ensure that XXXXX's applications are secure
- Support Development to carry out application security reviews
- Provide expert advice and consultancy to our Development, Testing and DevOps teams on risk assessment, threat modelling and fixing vulnerabilities
- Lead application security projects to ensure timely completion of efforts
- Drive security into XXXX's systems development life cycle to ensure that security is built in and considered
- Create security policies, standards, and procedures
- Evaluate new and emerging security products and technologies
- Run vulnerability scans and penetration tests through to mitigation