18 days ago
As Application Security Officer you will be working with the Senior Information Security Officer in providing expertise to inform and validate the secure design and development of IT applications including changes to existing applications and cloud security
You will define consistent Secure Software Development Lifecycle practices for all technology projects throughout the planning and delivery cycles that assure that application security risk is mitigated.
- Work closely with wider teams to perform/lead assessments to risk profile new and existing IT applications/assets, Security architecture and low-level application Security design.
- Provide SME input for security measures and controls that must be incorporated as security in design for mitigation of risk during, new application on-boarding, project delivery, enhancements to existing IT assets, or migration to cloud services.
- Working with wider IT teams review projected compliance of the IT asset to security controls and measures recommended, and feed into various Security and Architecture review committees with a security decision or reservations.
- Provide SME guidance during solution design and mitigation development.
- Security verification and validation via scheduling and coordination of penetration testing / re-tests, including collaborating with development teams to ensure remediation of risks identified.
- Conduct periodic reviews for controls and security measures applied within IT assets are in-line with continual threat modelling, legal / regulatory and compliance obligations
- Define consistent Secure Software Development Lifecycle practices for all technology projects throughout the planning and delivery cycles that assure that application security risks are mitigated. Including SAST/DAST and SCA.
- Provide input to the IT Risk Officer to formally capture any risk associated to application security
- Participation in both internal and external audits / assessment in relation to application security. Including management of findings
- Help the organization evolve its application security functions and services
- Preparing and conducting security training / awareness campaigns to development engineers, operations teams, and compliance teams to ensure everyone in the organization understands the company's security posture and follows the same standards.
- Work with IT Asset Manager to ensure that inventory of applications, including application profile information based on the CIAT rating is up to date. Also that timely reviews of security measures are completed and audit trails are preserved.
- Work with Business & IT Continuity Officer to ensure the Critical Asset recovery plans are up to date and adequate scenarios for BCP/Disaster recovery are well established, planned and tested.
What you need;
- In-depth knowledge of security concepts (OWASP Top 10 and CWE 25) and Cloud hosted solutions (O365, Azure AD, Azure/AWS environments)
- Understanding of current and emerging security technologies and threats.
- Proficient with methodologies, tools, best practices and processes across various cybersecurity areas
- Proven experience with threat modelling and risk analysis
- Experience with penetration testing and vulnerability analysis frameworks and tools
- Well versed with driving and implementing secure development practices in to SDLC & CI/CD.
- Ability to gather written and verbal information from multiple sources, assess and consolidate risks to provide appropriate recommendations
- Ability to effectively present and communicate security threats and risks to any audience
- Problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
- Self-motivated; able to work independently; able to negotiate and bring consensus to diverse priorities across teams
- Familiar with waterfall and agile development processes and have experience integrating secure development practices into both models
- Technical expertise in Software development, Network engineering, authentication or security protocols, systems engineering, cryptography
- Microsoft Certified Azure Security Engineer Associate, Certified Cloud Security Professional, AWS Certified Security or Equivalent.
- Experience working in an equivalent security related role.
Oscar Technology is acting as an Employment Agency in relation to this vacancy.