Application Security Lead

April 17

Apply Now

Get a free AI resume review

AND Digital

WebsiteLinkedInAll Job Openings

We’re on a mission to close the world’s digital skills gap.

Digital Delivery • Product Development • Product Analysis • Digital Learning • Flexible Resourcing

1001 - 5000

Description

• As the AppSec Lead, you will play a critical role in helping us build a secure culture and embed secure engineering practices. • You will support and develop a thriving community of Security Champions across the business • You will gather and summarise progress being made on Security Champion matters • You will lead the development and implementation of our Application Security Strategies, programs and roadmaps, ensuring they align with our risk appetite and industry standards. • You will also be responsible for implementing “Secure by Design” processes and key initiatives around secure software delivery, and developing security controls and architecture principles. • When needed, you will work closely with the development and engineering teams, supporting them on security matters within the SDLC process • Act as the point of contact in the business for all Application Security queries and act as the security advocate for the other Group IT and Security functions. • Collect, review and share relevant information security news & CVE’s with security champions network making them aware of high risk vulnerabilities and ensuring appropriate projects are validated. • As the SME of Application Security within the business, you will work across a variety of different teams to provide guidance and support on all things AppSec (including internal teams).

Requirements

• 5 to 7+ years experience working as an AppSec professional with a passion for technology and a drive to make a real impact. • Experience with Threat modelling, including running threat workshops and training others in effective threat modelling practices. • You will have a strong understanding of secure software development principles and a proven track record in leading the implementation of AppSec programs. • You will be an excellent communicator, able to deliver technical training, build strong relationships with a wide range of stakeholders, and be able to balance technical expertise with business acumen. • You will ideally have experience of standards certification to ISO-27001, ISO-22301, CyberEssentials Plus, NIST, OWASP ASVS, OWASP Top10 and other relevant security standards. • Experience in software development and related technologies surrounding the software development lifecycle including CI systems, SAST, DAST & SCA Systems would be beneficial • Certifications (or working towards) one or more of the following areas are highly desired: CSSLP, CISSP, CISM, GISO, GCIH, Comptia Security+ • You will demonstrate a passion for learning more in the security domain

Benefits

• Competitive package, with share/equity participation early on • Flexible benefits and a great mix of office and home working • Join a growing, professional and driven team that is closely knit and supportive • Make a huge impact in creating a unique company • Training time every year to learn, develop and grow • Part of a team focused on Global Growth • Be valued and learn lots