Principal Application Security Engineer - Retail - London
Our retail client operates a truly modern, API-first, micro-service focused software house. The company is one of the largest users of Microsoft Azure and as such they are able to adapt early to many of the new features released by Microsoft.
As one of their two Principal Application Security Engineers you will work closely with the lead to define and drive the application security strategy, including threat modelling strategy, creating coding and config standards, taking a key part in decisions around secure development tooling, developer training and much more.
Key responsibilities and abilities:
- Willing to adapt to API-first microservices software craftsmanship
- Application Security Tooling and Strategy – static code analysis, dynamic code analysis. Overall strategy for integration of tools into our CI/CD pipeline.
- Train Developers in defensive programming
- Train Security Champions in SDLC and work closely with them to make sure software is secure
- Help to threat model our entire estate, then carry out incremental threat modelling at micro-service level as we go on
- Perform architectural analysis and security code reviews
- Review SAST and DAST reports, providing mitigation and remediation guidance
- The ability to articulate mitigation and development techniques
- Ability to design and develop securely engineered solutions for Proof of Concept
3-6 month contract based in London.