SOFTWARE SECURITY ENGINEER

The Application Security Team deals with the Security of Closed-Source, Open Source & In-House Written Applications. The objective is to ensure Applications are developed in a way that is Secure & Compliant with the Company’s Regulatory Obligations.

You will be working closely with the Software Development Function, to ensure that Application-Based Vulnerabilities are understood and mitigated. It is therefore important that you possess an understanding of the Secure Software Development Lifecycle & Assessment of Code.

This role is part of a Large-Scale Information Security Department, which is comprised of Engineers & Analysts. Collectively, the team utilises Enterprise & Bespoke Tooling to Identify & Mitigate Threats to Safeguard the Business.

Skills &Experience of Software Security Engineer will include:

• Strong Understanding & Demonstrable Experience of Automated, Dynamic & Static Application Security Testing Tools
• Good Understanding & Experience with Manual Security Testing to find Vulnerabilities & Issues
• Knowledge & Understanding of OWASP & Threat Modelling
• Experience of Software Development & Languages
• Working Knowledge of CI/CD Pipelines & Associated Security Tooling
• Use of Planned Structured Methodologies for Conducting & Reporting on Web Application Penetration Testing
• Strong Documentation Skills
• Excellent Communication Skills

Main Responsibilities of Software Security Engineer:

• Providing Support to Technical Leads & Mentoring Junior Members of Team
• Taking Lead role in Project Processes to Ensure Information Security aspects are considered Throughout Project Lifecycle
• Contributing to & Utilising In-House Security Testing Methodologies, Creating & Updating Technical Documentation
• Conducting Manual & Automated Source Code Review
• Liaising with Software Development Teams to Ensure Security is Considered Throughout Lifecycle
• Identifying & Managing Security Vulnerabilities within Software through Liaising with External Bodies where necessary
• Performing Risk Assessments, Threat Modelling & Design Reviews to Ensure Effective Security Controls
• Identifying Opportunities for Converting Manual Tasks into Automated Processes & Identify Tooling to Support Automation