You will work with third party security providers and with business division Information Security Officers, developers, coders and testers to identify application security requirements. You will perform threat modelling for high risk applications to ensure security requirements meet the continually evolving threat and business landscape, and collaborate with application teams for appropriate remediation actions.
Delivering essential services and activities that have a real impact on their business and their customers' lives is pivotal to my client. They enable their teams to do what they do best, contributing to delivering a great customer service, profitability and strategic growth.
- Support the CISO Office in the development of application security policies and standards, to help ensure that control requirements are aligned with industry good practice and regulatory expectations.
- Collaborate with application owners and other key business stakeholders to develop, review and maintain an up-to-date inventory of applications used across the business.
- Work with business division Information Security Officers, developers, coders and testers to identify application security requirements and promote secure application development from the onset of a project, to help ensure 'Security by Design' is embedded.
- Review test scripts and user stories provided by application developers and ensure these adhere to secure coding guidelines and secure SDLC principles for the business.
- Work with third party security providers to coordinate automated and/or manual security code reviews and security code testing as part of the application development lifecycle for all qualifying applications across the organisation.
- Perform threat modelling for high risk applications to ensure security requirements meet the continually evolving threat and business landscape, and collaborate with application teams for appropriate remediation actions.
- Coordinate with the Technical Security Assurance Analyst to schedule and execute application penetration tests for all qualifying applications, using a risk-based approach for prioritisation.
- Proven working knowledge of ISO/IEC 27034:2011 (Information technology, Security techniques, Application security) or OWASP SAMM standards
- Proven working knowledge of the Open Web Application Security Project (OWASP)
- Working knowledge of the Java or .NET programming languages
- Prior work experience in information security is essential
- Prior work experience in secure application development and/or application security testing is required
- Experience of web application and agile development methodologies
- Strong interpersonal and communication skills; able to deal effectively with diverse skill sets and personalities, works effectively as a team player
- Strong understanding of application security vulnerabilities and testing techniques
- Advanced understanding of secure SDLC processes and ability to implement secure SDLC in developing and designing effective solutions
- In-depth understanding of enterprise and web application development platforms
- Proficient in reporting to leadership on programme effectiveness
- Organised with a proven ability to prioritise workload, meet deadlines, and utilise time effectively
- Strong analytical skills