DevSecOps Engineer

We are seeking a proactive and collaborative Application Security Engineer who speaks the language of developers, thrives in the purple team space and is an automation advocate. The successful candidate will work closely with engineering & IT teams to enhance the security of our applications, API’s and infrastructure by implementing preventative controls and identifying risks through security testing. 

You Will:

• Act as a security champion to foster the secure by design approach across the business. 
• Support the identification and analysis of web application security vulnerabilities across the business to reduce risk. 
• Oversee daily management of application security platforms to maintain comprehensive coverage, ensure compliance and remediation of findings. 
• Conduct threat modelling and review application architectures to identify potential risks early in the SDLC. 
• Implement application security controls and proactive measures to prevent security incidents. 
• Implement and manage SAST/SCA tooling across our application repositories to identify source code risks. 
• Scale automated DAST solutions across our applications to maximise testing coverage and provide visibility into runtime security posture. 
• Provide security guidance and remediation advice to engineers where applicable. 
• Carry out penetration testing on internally developed applications to identify security defects. 
• Review and assess the security of third-party vendor applications through configuration and hardening reviews. 
• Validate remediation of security issues by the development team and 3rd parties. 
• Coordinate and arrange external penetration testing assessments to independently evaluate the security of our applications. 
• Build and maintain effective collaboration with development and IT teams.

#LI-Hybrid