Application Security Engineer
Duration: 26 weeks
Agency Reference: 6981910
Location: Reading (currently working from home)
A position has arisen for a Web Application Security Engineer/Specialist within a leading telecommunications provider based in Reading. You will be joining the Technology Architecture team, which is responsible for application security design, architecture, engineering and testing within a project capacity. The successful candidate must have extensive experience of Application Security.
Your duties will include:
· Responsible for security implementation of all projects within the Technology team
· Delivering high quality services and creative solutions across all application development platforms
· Carrying out code review of high-risk application code, working with the team developing the solutions
· Performing design reviews of new applications, products, and services to identify potential risks and recommend appropriate mitigations
· Performing security assessments/penetration testing of applications
· Performing post-incident root-cause analysis, and developing and implementing strategies to prevent recurrence
· Creating technical security standards for relevant technologies
· Assisting with development and delivery of the organisation's application security strategy
· Responsible for monitoring and driving Application Security Compliance during the project lifecycle
· Working with stakeholders to implement security solutions and initiatives addressing new vulnerabilities
· Delivering the technical aspects through plan > design > build for project & compliance security testing
· Responsible for development of solutions to secure architecture requirements and standards
· Engaging across multiple functions on a global level to ensure Code Development Lifecycles are in place and application verification is driven through all application development programs
· Ensuring accurate delivery progress reporting is completed and communicated to relevant stakeholders
Required Skills & Experience:
· Minimum 5 years’ hands-on experience of web and mobile application security. This could either be as an AppSec specialist within a security team, or as a developer with significant experience of securing and defending applications against real-world threats
· Experienced at identifying security flaws in applications via architectural assessment and threat modelling
· In-depth knowledge of security aspects of at least two of the following:
- Modern web applications and related technologies (Angular, React, jQuery, Spring, etc.)
- Android and iOS mobile applications
- APIs and microservices
· Authentication/Authorization frameworks e.g. OAuth
· Knowledge of common infrastructure technologies used to deliver and support applications e.g. Linux, Windows, databases, load balancers, containerization, public/private cloud environments.
· Experience of manual security testing of applications using relevant tools (e.g. Burp Suite, Nikto, sqlmap)
· Familiarity with common application related compliance requirements – GDPR, PCI-DSS, CAS-T