Application Security Officer - United Kingdom, Borehamwood, Hertfordshire

As Application Security Officer (DevSecOps) you will be working with the Senior Information Security Officer to provide expertise to inform and validate the secure design and development of IT applications, including changes to existing applications.

You will define consistent secure software development lifecycle practices for all technology projects throughout the planning and delivery cycles that assure that application security vulnerabilities are mitigated.

Key responsibilities:

- Define consistent secure software development lifecycle practices for all technology projects throughout the planning and delivery cycles that assure that application security risks are mitigated, including SAST/DAST and SCA.
- Work closely with wider teams to perform/lead assessments to risk profile new and existing IT applications/assets, security architecture and low-level application security design.
- Provide SME input for security measures and controls that must be incorporated as security in design for mitigation of risk during new application on-boarding, project delivery, or enhancements to existing IT assets.
- Working with wider IT teams, review projected compliance of the IT asset to the security controls and measures recommended, and feed into various security and architecture review committees with a security decision or reservations.
- Provide guidance during mitigation development.
- Security verification and validation via scheduling and coordination of penetration testing / re-tests, including collaborating with development teams to ensure remediation of risks identified.
- Conduct periodic reviews to ensure that controls and security measures applied within IT assets are in line with continual threat modelling and legal/regulatory obligations.
- Provide input to the IT Risk Officer to formally capture any risk associated with application security.
- Participation in both internal and external audits / assessments in relation to application security, including management of findings.
- Conducting internal and external application security assurance reviews against standards-based compliance requirements.
- Help the organization evolve its application security functions and services.
- Manage integration with vulnerability check tools such as static code analysis and dynamic code analysis tools.
- Preparing and conducting security training / awareness campaigns for development engineers, operations teams, and compliance teams to ensure everyone in the organization understands the company's security posture and follows the same standards.
- Provide SME advice to the information security team when approving access requests, firewall changes, etc.
- Work with the IT Asset Manager to ensure that the inventory of applications, including application profile information based on the CIAT rating, is up to date, and that timely reviews of security measures are completed and audit trails are preserved.
- Work with the Business & IT Continuity Officer to ensure the critical asset recovery plans are up to date and that adequate scenarios for BCP/disaster recovery are well established, planned and tested.

Essential:

- In-depth knowledge of security concepts, the OWASP Top 10 and the CWE Top 25.
- Understanding of current and emerging security technologies and threats.
- Proficient with methodologies, tools, best practices and processes across various cybersecurity areas.
- Proven experience with threat modelling and risk analysis.
- Experience with penetration testing and vulnerability analysis frameworks and tools.
- Well versed in driving and implementing secure development practices into the SDLC and CI/CD.
- Ability to gather written and verbal information from multiple sources, and to assess and consolidate risks to provide appropriate recommendations.
- Ability to effectively present and communicate security threats and risks to any audience.
- Problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.

We can offer you 25 days' holiday (including your birthday off), 2 days' paid volunteering, a 10% non-contributory pension scheme + 2.5% matched by the company, 4x death in service and private medical cover. This is a hybrid role from our offices in Borehamwood. We also believe in promoting from within and have an internal mobility plan that allows for advancement within Cardif Pinnacle. With huge plans on the horizon, now is a great time to join us!

Tags: remote, cyber security, cloud security, penetration testing, network security


Cardif Pinnacle Insurance Management Services Plc
United Kingdom, Borehamwood, Hertfordshire
2022-07-13
2022-08-12
FULL-TIME
1725990