Application Security Specialist

Job Overview

Location: Sydney, New South Wales
Job Type: Full Time Job
Job ID: 78070
Date Posted: 1 year ago
Recruiter: Willie Grace
Job Views: 124

Job Description

This role reports to the Head of Information Security.

What you'll be doing:

  • Build a very close working relationship with wider Product, DevOps, and Engineering teams to advise on security architecture as well as security requirements in new and existing products or software.
  • Create and maintain application security policies, including secure coding policies, procedures, and standards, to include necessary security checkpoints, code review, etc. as part of the software development life cycle (SDLC).
  • Perform application vulnerability assessments, code reviews and risk assessments, partnering with Developers to implement security remediation for identified weaknesses.
  • Ensure appropriate security controls and processes such as threat modelling and security testing are embedded into the Engineering development processes in a seamless manner.
  • Drive the continued education of engineers and DevOps team around security requirements.
  • Work closely with IT consultants and service providers to scope, manage and remediate regular penetration testing assessments.
  • Continually review and improve the security function by identifying possible improvements, developing skills, identifying new techniques, and developing automation to mitigate security risks and incidents efficiently.
  • Apply threat intelligence and other information sources to identify events/risks relevant to the company and integrate this into existing security processes for targeted remediation.
  • Contribute to various projects and support the Head of Security in the delivery of the cybersecurity roadmap in accordance with timeframes and budget.
  • Produce metrics reporting the state of application security programs and the performance of development teams against requirements.

What you'll be bringing:

  • Ideally 4-5 years of relevant experience in security, preferably in an application security or software engineering role.
  • Experience with and knowledge of security principles, techniques, technologies, threat modelling and vulnerability assessment.
  • Relevant security certifications (CISSP, GIAC, Security+, CEH, OSCP, etc.)
  • Strong understanding of prominent application vulnerabilities, such as OWASP Top 10 and similar application security methodologies e.g., CWE/SANS Top 25.
  • Strong technical skills including networking, software engineering, systems administration, penetration testing and vulnerability assessments
  • Familiarity with AWS security, including Amazon WAF, GuardDuty, Shield configuration, CloudFront, SSE-C etc.
  • Experience with manual and automated secure code and architecture reviews.
  • Experience with security tools including static/dynamic, white-box/black-box code analysis and vulnerability scanning, such as Snyk, AquaSec, Dependabot and SonarCloud.
  • Experience in working with software developers to advise on security controls and requirements
  • Experience in application development and scripting using Java, Groovy, Python and Bash
  • Experience in highly automated DevOps environments and familiarity with tool sets including Git, ARM, EBS, CloudFormation, Docker, Kubernetes, Puppet, Chef, etc.
  • Excellent stakeholder management
  • Excellent, clear written and verbal communication
  • Excellent report writing skills and experience
