Reporting to the Information Security and Compliance Director, the highly experienced Application Security Engineer will act as a technical expert in supporting the day to day activities of the department in order to maintain the confidentiality, integrity and availability of the organisations information assets.
Help to design/innovate, deploy and manage security controls in a highly secure global SaaS organisation, that has multiple certifications such as PCI DSS, ISO/IEC 27001, SOC & HIPAA.
Carrying out activities such as SIEM, vulnerability scanning, penetration testing, secure code review, endpoint protection, security detection in multiple SaaS environments.
Work closely with the Architecture and the Operations teams to embed security into activities and projects, based on our standards. Develop an effective working partnership with DevOps/Devs, to ensure security good practices are embedded into their processes/pipeline.
More than 350 global brands rely on our client to make multi-channel customer communications more meaningful, while also helping them simplify their processes and operate more efficiently. Headquartered in London and New York our client serves its customers from offices located across North America, Europe, and Asia Pacific.
The responsibilities of the role include:
- Activities such as SIEM, vulnerability scanning, penetration testing, secure code review, endpoint protection, security detection in multiple SaaS environments.
- Monitoring, actioning and reporting on security events
- Tracking and remediating information security vulnerabilities
- Reporting on the status of information security and compliance across the business
- Supporting the team in compliance and information security activities for certification requirements
Must have skills/experience:
- Security certifications (CEH, CISSP)
- Able to evidence extensive experience of managing security solutions (SIEM, IPS, IDS, Vulnerability Scanning, Penetration Testing, Secure Code Scanning) directly, or through an MSSP, in a cloud-based environment
- Good experience with scripting languages, such as Java, PowerShell, Windows Shell Script etc..
- Windows Infrastructure and Linux Experience
- AWS Application Security Experience
- Clear and adaptable communication skills
- The ability to work independently, use your own initiative and to think creatively – as well as having a collaborative and team-oriented attitude.
- Tools experience: Alert Logic, Secureworks, Veracode, Qualys
- Experience with frameworks such as ITIL, COBIT 5
For more information, or if you’re interested in having an informal chat regarding the role please contact Thom Taylor on 01908 030131 or firstname.lastname@example.org