Application Security Manager

  • Location: Guildford
  • Sector: ConSol UK Software Development
  • Job type: Permanent
  • Salary: £90000.00 - £110000 per annum
  • Contact: Tom Carpenter
  • Contact email: tom.carpenter@consolpartners.com
  • Job ref: BBBH408149_1668180419
  • Published: about 1 year ago
  • Expiry date: 2022-11-18
  • Start date: ASAP
  • Client: ConSol Partners

Responsibilities

  • Design Security standards and best practices, aligning with the overall technology strategy
  • Curate a set of application security controls and best practice security approaches
  • Design security architecture features to mitigate threats as they emerge
  • Work with Architects/Operations to review and design solutions that balance business requirements with information and cyber security requirements
  • Design and implement a Secure SDLC and communicate and train Engineering staff to support its adoption
  • Work with Architects/Operations/Product Managers to build roadmaps that ensure that the application is secure
  • Review of code for architecturally significant areas
  • Be involved in maintaining the KPIs/metrics around security standards for the products
  • Liaise with internal stakeholders and external vendors to coordinate regular Penetration Tests
  • Manage findings from Unily and customer-conducted penetration tests and security scans, providing responses and raising defects for remediation as necessary
  • Provide responses on application security to contract proposals and RFPs
  • Ensure Security roadmaps are always current and up to date
  • Ensure Security KPIs/Metrics are always current and up to date
  • Implement security training plans for teams
  • Develop and Coordinate security champions within sprint teams
  • Identify and communicate current and emerging security threats using industry threat intelligence
  • Continuously look for ways to improve effectiveness and productivity and provide innovative solutions to difficult problems
  • Knowledge sharing of technology/trends to teams



Desirable Knowledge, Skills and Experience

  • Strong .NET, JavaScript, and cloud database skills
  • Understanding of REST APIs
  • Understanding of Web Architecture
  • Experience in ethical hacking, Penetration Testing/Code scanning tools
  • Expertise in Identity and access management (IAM) frameworks
  • Experience of presenting and training various people in an organisation on security standards and best practices
  • Ability to explain complex concepts to diverse audiences
  • Experience of Agile methodologies
  • Understanding of Software Security Architecture and Design, SDLC and the ability to clearly articulate best practices for application security
  • Experience with the OWASP Top 10, WASC TC v2 and/or CWE Top 25 - how to identify and remediate them
  • Security experience with public cloud environments such as Microsoft Azure
  • Experience of security for mobile applications (phone, tablet)
  • Certified in a recognised industry security qualification:
    • Certified Information Systems Security Professional (CISSP)
    • Information Systems Security Architecture Professional (ISSAP)

Required Attributes

  • Ability to create and follow processes thoroughly and attentively
  • Excellent spoken and written communication skills
  • Capable of working independently and as part of a team
  • Passion for quality with high standards for personal and collective achievement
  • Friendly, with a good sense of humour