Ideas | People | Trust
We're BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today's changing world.
We work with the companies that are Britain's economic engine - ambitious, entrepreneurially-spirited and high growth businesses that fuel the economy - and directly advise the owners and management teams that lead them.
We'll broaden your horizons
To ensure our services and applications are fit for the modern market, our IT team collaborates with every department. They develop, they explore and they implement the new ideas helping us to change the future of accounting, tax and business consulting. But, just as importantly, they maintain the tech that keeps us advancing. By testing and adopting the future of financial technical solutions, they find new and exciting ways to drive us forward. In an IT role at BDO, you'll become part of a team that acts as the backbone for our business. No matter who you are or what your skillset is, we'll give you the training and support you need to achieve whatever you put your mind to.
We'll help you succeed
Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships.
We are seeking a highly motivated and experienced Lead Software Security Engineer to join our team. You will have a strong background in software development, security, and operations. This role is required to support the Digital Product Management team in embedding security requirements and best practices into new Digital Products and Services. You will work closely with the Digital Product Management and IT Security teams to establish and build the right security controls and quality state gates across the product lifecycle. This includes security tooling to manage these controls.
In this busy and rewarding role, you'll also:
1. Collaborate with software development teams to integrate security into the development lifecycle
2. Own the cultural shift to a Security DevSecOps mindset
3. Manage & implement security controls, tools, and processes to secure applications and infrastructure
4. Monitor and respond to security incidents and threats in a timely manner
5. Stay up-to-date with security trends and best practices to continuously improve security posture
6. Automate security testing and deployment processes to ensure rapid and secure delivery of software
7. Develop and maintain security documentation and training materials
8. Develop and implement the product security strategy in alignment with organisational goals
9. Integrate Application Security Tools within existing Development Processes
10. Assist with the Planning & Execution of Application Penetration Tests
11. Serve as a Subject Matter Expert (SME) in the field of Application Security
12. Define security NFR's and ensure these are met
13. Report on compliance with security standards
You'll be someone with:
1. Strong experience in software development and security
2. Proficient in scripting languages such as Powershell, YAML, JASON, etc.
3. Collaborate with development teams to integrate security best practices into the secure software development lifecycle (SDLC) and ensure products are built securely
4. Oversee vulnerability management and remediation efforts, including leading responses to pen test findings and security assessments
5. Experience conducting risk assessments and threat modelling for software development and advise where necessary
6. Experience in software security design review
7. Strong knowledge of Agile, DevSecOps, System Engineer and or equivalent
8. Knowledge of security standards and secure development principles such as NCSC Secure Development & Deployment Guidance, OWASP, NIST Secure Software Development Framework (SSDF - 800-218), Microsoft Azure Secure Development best practices, ISO27001
9. Experience with Azure cloud infrastructure, particularly Azure PaaS service
10. Experience with Azure DevOps, particularly CI/CD and backlog management
11. Prepare and present regular security reports to senior management, ensuring compliance with security standards and regulations
12. Expertise with security tools and familiarity with DevSecOps processes
13. Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field (preferable)
At BDO, we'll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development. #J-18808-Ljbffr