Application Security Lead Engineer

Job Overview

Location: London, England
Job Type: Full Time Job
Job ID: 43766
Date Posted: 5 months ago
Recruiter: Andrew Skonl
Job Views: 151

Job Description

Key accountabilities and measures

The Application Security Engineer will be responsible for the following activities and functions:

  • Provide security remediation advice and engineering solutions to development and testing teams;
  • Provide mentorship to security analysts, testers, and development teams during application security assessments. Able to identify, re-create, and remediate security defects;
  • Strong understanding of various development practices, and how to integrate / build security into those practices;
  • Experience with a Threat Model program for an enterprise;
  • Experience using and testing REST and/or SOAP APIs;
  • In-depth knowledge of common web application security flaws and secure coding practices and the ability to clearly explain security issues to project and development colleagues;
  • Advocate use of OWASP Application Security Verification Standard (ASVS) across development teams, explain how it applies to application development teams, and why it matters;
  • Ability to prioritize and supervise security issues and work with the key teams to ensure remediation;
  • Serve as a leader by promoting security awareness, mentoring other team members, and staying up-to-date on current development methodologies (Agile/DevOps);
  • Understand HTTP, REST, SOAP, XML and JSON as they relate to APIs and AJAX;
  • Understanding of AWS, Azure, and vSphere APIs;
  • Provide in-person training to development teams when necessary.

Key skills

Education

Bachelor's degree in computer science, information systems, cybersecurity, software engineering or a related field, or equivalent experience.

Security and Technical Experience

  • 3 years+ in enterprise software development;
  • 2 years+ in Security;
  • Strong experience with modern development languages and frameworks, with a passion to make security realistic, achievable and interwoven with the business fabric;
  • Experience with Threat Modelling in an enterprise, not just theoretical;
  • Strong oral, written, and presentation abilities - able to convey risk to all levels of the business, from C-level executives to operations and development teams;
  • Experience in migrating enterprise companies from traditional data centre infrastructure, application and data designs to hybrid or fully-cloud enabled practices;
  • Strong experience with cloud provider ecosystems, including Amazon AWS, Microsoft Azure;
  • Strong understanding of web applications and architectures, relational and non-relational databases, and hardware architectures, and effectively applying the principles of information security to IT environments;
  • Strong experience working in a multi-platform, multi-protocol, distributed enterprise computing environment;
  • Strong understanding of modern application development and operational philosophies;
  • Some project management experience: Able to assess needs, define objectives, identify resources needed to achieve objectives and begin implementation towards goal completion;
  • Able to work efficiently alone and as part of a larger project team;
  • Current understanding of industry trends and emerging threats;
  • Understanding of incident response methodologies and technologies;
  • Experience in mobile application development (Android and iOS);
  • Experience with application testing tools (e.g. SAST, DAST, IAST, etc.);
  • Exposure to Agile methodologies (SAFe, Kanban, Scrum).

Personal Attributes

  • Pragmatic and solution-oriented
  • Able to exercise independent judgement and act on it
  • Committed to deliver continuous service improvement
  • Ability to prioritise multiple concurrent tasks in a fast-paced environment without supervision.
  • Ability to remain calm when under strain
  • Experience of working in a global / multi-site, matrix environment
  • Excellent listening, interpersonal, written and verbal communication, and presentation skills
  • Quality mind-set
  • Influencing skills in areas with no direct reporting authority
  • Leadership skills, in particular the ability to influence security-centric behaviour in others and to encourage high performance from colleagues in regard to protecting our customer’s data.
  • Partner Management.
  • Able to translate the most technical information to a level anyone can understand.
  • Be hardworking, with high energy levels and motivation, and seek to succeed.
  • Be a creative and strategic problem solver with the ability to seek security challenges that others cannot.

