Job Duties
1. Manage and provide leadership to a team of security engineers, including hiring, training and performance management.
2. Collaborate with Development & DevOps engineers to evaluate and operationalize security tools integrated in development environments.
3. Collaborate with product managers, scrum masters, and application development to identify and inject security requirements into Acceptance Criteria of epics/ stories.
4. Provide subject matter expertise on secure coding practice relating to SDLC, assist in building and rolling out related guidelines and standards, Conduct code scanning, including Static Application Security Testing (SAST), Software Composition Analysis (SCA), Software Composition Scanning (SCS), Infrastructure as Code (IaC), Dynamic Application Security Testing (DAST) and perform manual source code reviews for high-risk components.
5. Research and monitor emerging threats and vulnerabilities, understand current industry and technology trends and opportunities, and assess their impact to applications and the business. Drive Risk Management and Security Compliance within the AppSec environment.
6. Participate in a review board to address false positives and provide application security governance.
7. Create documentation for application security metrics, policies, procedures, standards, guidelines and training.
Required Qualifications
8. High level of expertise in Application development and security acquired through educational qualifications in computer science, Cyber Security or related field and a minimum of 4 years of relevant experience.
9. A proven track record in providing expertise and guidance in developing cloud hosted applications with focus on security on C#, Java, Python, .Net, MongoDB, SQL Server, Oracle etc
10. Strong understanding of various computing systems including Cloud architecture (AWS/Azure/GCP)
11. Detailed knowledge of operating security tools such as SAST, SCA and DAST and - supporting teams to use them in the most effective ways.
12. Strong working knowledge of various information technologies including user authentication, authorization pattern and components including knowledge of MFA mechanisms and configuration. Good awareness of industry best practices
13. Data analysis, metrics development and reporting
14. Experience with working in a highly outsourced environment (both infrastructure outsourcing and security operations outsourcing)
Preferred Qualifications
15. CISSP, ISO 27001, CASE or relevant certifications
16. CISSP, CASEor relevant certifications
17. Experience with working in a highly outsourced environment (both infrastructure outsourcing and security operations outsourcing)
18. Demonstrated ability to take initiative and accountability for achieving results.
19. Effective communication skills with technical and non-technical staff
Working Conditions
20. This position is a remote position based in the United Kingdom with occasional travel required for team meetings, training, or conferences etc.
21. The Application Security Manager may be required to work flexible hours to accommodate different time zones or urgent situations.
Please note that the above job description represents a general overview of the responsibilities and requirements for this position at Accurate Background. Duties and qualifications may vary based on specific business needs and organizational changes. $60700 - $91150 a yearThe annual base salary for this position ranges from £60,700 - £91,150. Pay will vary depending on job-related knowledge, skills, experience, and relevant education and training. This position may also be eligible for an annual performance-based bonus, commission, or other variable pay plan. The Company also offers a full range of benefits, including medical, dental, and 401k. Your recruiter can share more details about the specific compensation package during the hiring process.