Web Application Engineer

  • Job Reference: 6991080/001
  • Date Posted: 15 October 2020
  • Recruiter: Thames Valley
  • Location: Reading, Berkshire, England
  • Salary: £490 to £620 Per Day
  • Sector: Technology
  • Job Type: Contract
  • Duration: 26 weeks
  • Work Hours: Full Time

Job Description

Application Security Engineer

Duration: 26 weeks

Agency Reference: 6981910
Location: Reading (currently working from home)


A position has arisen for a Web Application Security Engineer/Specialist within a leading telecommunications provider based in Reading. You will be joining the Technology Architecture team, which is responsible for application security design, architecture, engineering and testing within a project capacity. The successful candidate must have extensive experience of Application Security.


Your duties will include:

·         Responsible for security implementation of all projects within the Technology team

·         Delivering high quality services and creative solutions across all application development platforms

·         Carrying out code review of high-risk application code, working with the team developing the solutions

·         Performing design reviews of new applications, products, and services to identify potential risks and recommend appropriate mitigations

·         Performing security assessments/penetration testing of applications

·         Performing post-incident root-cause analysis, and developing and implementing strategies to prevent recurrence

·         Creating technical security standards for relevant technologies

·         Assisting with development and delivery of the organisation's application security strategy

·         Responsible for monitoring and driving Application Security Compliance during project lifecycle

·         Working with stakeholders to implement security solutions and initiatives addressing new vulnerabilities

·         Delivering the technical aspects through plan > design > build for project & compliance security testing

·         Responsible for development of solutions to secure architecture requirements and standards

·         Engaging across multiple functions on a global level to ensure Code Development Lifecycles are in place and application verification is driven through all application development programs

·         Ensuring accurate delivery progress reporting is completed and communicated to relevant stakeholders


Required Skills & Experience:

·         Minimum 5 years’ hands-on experience of web and mobile application security. This could either be as an AppSec specialist within a security team, or as a developer with significant experience of securing and defending applications against real-world threats

·         Experienced at identifying security flaws in applications via architectural assessment and threat modelling

·         Programming knowledge in one or more of the following: PHP, Python, Objective-C and Swift, C#, .NET, Java, JavaScript, Perl

·         In-depth knowledge of security aspects of at least two of the following:

-        Modern web applications and related technologies (Angular, React, jQuery, Spring, etc.).

-        Android and iOS mobile applications

-        APIs and microservices

·         Authentication/Authorization frameworks e.g. OAuth

·         Knowledge of common infrastructure technologies used to deliver and support applications e.g. Linux, Windows, databases, load balancers, containerization, public/private cloud environments.

·         Experience of manual security testing of applications using relevant tools (e.g. Burp Suite, Nikto, sqlmap)

·         Familiarity with common application related compliance requirements – GDPR, PCI-DSS, CAS-T