Want to join an award-winning challenger bank?
We are looking for a passionate Application Security (AppSec) Engineer to join one of the UK’s newest digital banks, dedicated to supporting the UK’s small and medium-sized businesses.
Do you have previous experience in a software engineering role and hands-on experience with Cyber Security or SOC? Do you have strong analytical and problem-solving skills?
If you have a background in software engineering, Cloud (AWS) security/Cyber Security or as a SOC Analyst, this role could be for you.
Because the bank is software-based and data-driven, the AppSec Engineer will support the IT department in ensuring that every step of the software development lifecycle (SDLC) follows security best practices.
This will include working closely with the development team to help them understand what security flaws they need to watch out for, and how to fix the ones already present in the apps.
The Application Security Engineer will help evolve the application security functions and protect the Bank’s applications from security attacks by developing, inserting and testing security components that make the applications more secure.
Understanding technology change controls is critical to this role and the AppSec Engineer must be prepared to consider all impacts of change.
Bringing this technical expertise in-house will allow our client to continue to enhance its security posture to benefit both the users and our customers while developing knowledge internally and reducing its dependency on external contractors.
As App Sec Engineer, you will
- Promote a culture of security throughout the SDLC by advocating a shift-left mentality so that possible threats or security issues can be addressed early
- Drive the security mindset into the teams who are responsible for the applications they create, maintain and run
- Help build the Application Security strategy and assist in defining the secure code development framework for the Bank
- Define security requirements, guidelines, and policies for our developers, platforms, tooling, and services
- Be a ‘Subject Matter Expert’ within specific areas of Application Security (OAuth, SAML, API Security etc)
- Perform threat modelling, assess security controls, and recommend best security practices, methods and tools
- Work with developers to perform security testing – both manual and automated, triage and remediation
- Orchestrate web and mobile application penetration testing when required
- Implement advanced testing applications by patching and utilising shielding tools that harden the Bank’s applications
- Maintain technical documentation
- Identify new technologies, tools, and approaches to help continually improve the Bank’s security standards and qualities
To be considered for the role of App Sec Engineer, it is essential that you have
- Experience in an engineering role (AppSec, Software Development, Scripting, Testing etc)
- Background in an engineering role and hands-on experience in a development environment
- Strong research, analytical and problem-solving skills
- Good knowledge of DevOps CI/CD workflows, tools, and integration points and experience integrating security into SDLC
- Good knowledge of running systems/applications in an enterprise IT environment, comprised of bare metal, VMs, and containers
- Experienced in performing code reviews and writing security tests
- Understanding of security frameworks (BSIMM, ISO etc)
- Deep knowledge of best practices in writing secure code (e.g. OWASP, NIST etc.)
- Threat modelling experience against industry standard frameworks
- Previously worked with cloud services – preferably AWS and AWS security services
- Have a view of what ‘good’ looks like in a cloud-native world
- Formal Cyber Security Qualification and/or relevant bachelor’s degree (e.g. CCSP, CSSLP or CISSP)
Not essential, but desirable would be skills and experience in the following
- Knowledge of more than one programming language (e.g. Go, Rust, Python)
- Previous experience within financial services
- Experience with container technology
- Good project management skills and/or substantial exposure to project-based work structures, project lifecycle models etc
- Familiar with Atlassian products
Our client offers and promotes a healthy work-life balance with flexible working hours and hybrid-office working across 3 sites: London, Birmingham or Manchester.
Ignite Digital Talent are committed to creating equal opportunities, and welcome job applications from all who are qualified and eligible to work in the UK, regardless of colour, ethnic or national origin, race, gender, sex, disability, age, sexual orientation, religious or political beliefs, marital status, or family circumstances.
This role can be based across any of three offices in the UK – London, Birmingham or London.