Connecting to LinkedIn...

Senior Application Security Engineer

Job Title: Senior Application Security Engineer
Contract Type: Permanent
Location: Nottingham, United Kingdom
REF: 1400
Contact Name: Teo Rusu
Job Published: 5 months ago

Job Description

Senior Application Security Engineer – 65k-70k + bens - Nottingham

The client is on a mission to help customers succeed by bringing ingenuity, simplicity, and humanity to banking.
Information Security is an integral part of the corporate culture. It is essential to maintaining our position as an industry leader in electronic payments, and it is the responsibility of every employee to safeguard information, protect it from unauthorized access, and ensure regulatory compliance.

The successful candidate will work closely with the UK Application Security group to build and drive the Application Security Engineering function. This function will be responsible for collaborating closely with Software Engineering teams through penetration testing, static analysis, security automation, security training and secure design. This role within Application Security must instill a culture that works toward the highest standards in application security engineering whilst ensuring that business requirements are understood and adhered to, and security risks in new and existing applications are properly understood and mitigated.

This position reports to the UK Head of Application Security and can be based at a location that is appropriate for the right candidate.

Job Scope and Responsibilities:

  • Provide hands on direction during the design and development of applications to support the business strategy
  • Partner with stakeholders to embed application security requirements as part of their programs and strategy
  • Collaborate closely with colleagues within the wider Global Information Security organisation and technology departments as well as the UK business to establish effective, productive relationships
  • Implement security automation and assist with code reviews and open source software evaluations
  • Must have a strong knowledge of web and mobile application security testing frameworks and methodologies, and familiarity working across the Global Cyber Security Community
  • Empower the delivery team’s resources by promoting application security awareness and standards through training, hacker-thons, mentoring and vulnerability demos
  • Must have excellent interpersonal, facilitation, and leadership skills along with effective communication (both written and verbal) skills
  • Provide targeted application security requirements based on design, threats, industry best practices and policy.
  • Influence delivery teams in the prioritisation of security activities and issue remediation
  • Evaluate and recommend new and emerging application security products and technologies in coordination with the Global Application Security group
  • Coordinate the maintenance of the UK application inventory and risk profiles with delivery teams

Minimum Qualifications and Requirements.

  • Must have extensive knowledge and experience in securing and developing web applications, mobile apps, and APIs/web services
  • Must be skilled at mentoring and communicating goals and other corporate initiatives and driving to results
  • Must have an Undergraduate degree in Computer Science, Electrical Engineering, Information Science, a related technical discipline, or equivalent work experience
  • Extensive experience in penetration testing and/or application security engineering in a must
  • A strong knowledge of application security best practices including OWASP Top 10 and OWASP Mobile Top 10, along with an engineering oriented background is expected.
  • Must have experience with enterprise application security and open source security tools including HP Fortify Source Code Analyzer (SCA), HP Software Security Center (SSC), HP WebInspect, Checkmarx, BurpSuite, OWASP Zap etc.
  • Technical knowledge in software engineering, system and network security, authentication and security protocols, cryptography, and network/web related protocols (e.g., TCP, UDP, HTTP, HTTPS)
  • Knowledge of/experience with international compliance requirements/standards (PCI-DSS, GLBA, SOX, UK DPA) and other security regulation requirements
  • Certifications such as CSSLP, CREST, OSCP, OSCE or appropriate SANS Certifications desirable
  • Ability to travel as needed.

For immediate consideration please contact Teo Rusu on 01908 886030 or email