Who we are looking for
A Senior Information Security Specialist, who will focus on the technical side of IT Security, specifically looking at application security and code analysis to ensure applications are built securely.
The application security team deal with the security of closed source, open source and in house written applications. The objective is to ensure applications are developed in a way that is secure and compliant with the Company’s regulatory obligations.
You will be working closely with the software development function, to ensure that application based vulnerabilities are understood and mitigated. It is therefore important that you possess an understanding of the Secure Software Development Lifecycles and the assessment of code.
This role is part of the broader Information Security department, which is comprised of engineers and analysts with varying backgrounds. Collectively, the team utilises enterprise and bespoke tooling to identify and mitigate threats to safeguard the Business.
This role is eligible for inclusion in the Company’s hybrid working from home policy.
Preferred skills and experience
* Excellent understanding and demonstrable experience of automated, dynamic and static application security testing tools.
* Excellent understanding and experience with manual security testing to find vulnerabilities and logical issues.
* Knowledge and understanding of OWASP and its utilisation within threat modelling.
* Experience of software development and languages.
* Working knowledge of CI and CD pipelines and associated security tooling.
* Use of planned structured methodologies for conducting and reporting on Web Application Penetration Testing.
* Strong documentation skills.
* Excellent communication skills.
Main Responsibilities
* Providing support to technical leads and mentoring junior members of the team.
* Taking a lead role in the project process to ensure that information security aspects are considered up front and throughout the project lifecycle.
* Contributing to and utilising our security testing methodologies, creating and updating technical documentation as necessary.
* Conducting manual and automated source code review.
* Liaising with the software development function to ensure that security is considered throughout the lifecycle.
* Identifying and managing any security flaws within our software through appropriately liaising with external bodies where necessary.
* Performing risk assessments, threat modelling and design reviews to ensure effective security controls.
* Identifying opportunities for converting manual tasks into automated processes and identify tooling to support such automation.
By applying to us you are agreeing to share your Personal Data in accordance with our Recruitment Privacy Policy which can be found at