Job Description
Key accountabilities and measures
The Application Security Engineer will be responsible for the following activities and functions:
- Lead and handle a continuously improving application security engineering practice
- Develop re-usable patterns and building blocks that enable automation and scaling of application security controls
- Collaborate with Product Owners and Engineers to build security into all steps of SDLC process, from plan through design, build, test, deploy and run
- Efficiently and optimally develop threat models for key applications and components, in collaboration with external suppliers
- Promotion of security awareness through developing a community of security champions and engineers
- Lead the end-to-end vulnerability management processes and outcomes
- Promote shift-left practices and develop practices and tools to operate at scale
- Collaborate and support the multi-functional security engineering and security architecture community
- Deliver measurable improvements to the application security capability
Key Skills and Background
- Superb software engineering, penetration testing and threat modelling capabilities
- Demonstrated experience with application security capability modelling and improvement roadmap development (e.g. OpenSAMM).
- Leadership and management of 3rd party partner resources
- Provide in-person training to development teams
- Azure and AWS native application experience
- Adapt application security practices for scaled-agile
Education
- OSCP or GIAC certifications
- Bachelor's degree in computer science, information systems, cybersecurity, software engineering or a related field
Personal Attributes
- Pragmatic and solution oriented
- Able to exercise independent judgement and act on it
- Committed to deliver continuous service improvement
- Ability to prioritise multiple concurrent tasks in a fast-paced environment without supervision
- Ability to remain calm when under strain
- Experience of working in a global / multi-site, matrix environment
- Excellent listening, interpersonal, written and verbal communication, and presentation skills
- Quality mind-set
- Influencing skills in areas with no direct reporting authority
- Leadership skills, in particular the ability to influence security-centric behaviour in others and to encourage dedication from colleagues in regard to protecting our customers' data
- Partner management
- Able to translate the most technical information to a level anyone can understand.
- Be hardworking, with high energy levels and motivation, and seek to succeed.
- Be a creative and strategic problem solver with ability to seek security challenges that others cannot.
M&S is ready to push boundaries to lead the industry into a greener, speedier, more inspiring digital era. That’s why we’re revolutionising how we work and offering our most exciting opportunities yet. There’s never been a better time to be part of our team. Marks & Spencer aims to be an inclusive organisation, trusted and admired by our colleagues, customers and suppliers. Join us and make an immediate impact.
We are committed to an active Inclusion, Diversity and Equal Opportunities Policy, which starts with our recruitment and selection process, and we are happy to talk flexible working. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process. If you consider yourself to have a disability or learning difficulty which means you are unable to complete the application process online, please get in touch either by phone on 0345 300 3725 or by email recruitment.online@marksandspencer.com so we can make alternative arrangements for you.
Job ID: 40793