This job has expired

Senior Application Security Analyst

Employer
Aviva
Location
York
Salary
Competitive
Closing date
28 Oct 2019

An opportunity has arisen for a Senior Application Security Specialist to join the CISO department as part of the Security Consultancy & Design team within Aviva.

The CISO team keeps Aviva safe and secure globally; that's everywhere we operate the Aviva brand. We underpin the digital agenda, using our knowledge and capabilities to enable the business to move forward faster and with confidence. We are committed to providing enhanced security, with ongoing investment to maintain secure and resilient control over our information assets against the new cyber threats of the digital era.

We embed effective governance and need to ensure we are 'secure by design' to protect our brand. All our change initiatives follow the CISO governance process and our systems and services, including legacy, will be as secure as they can be.

Ultimately, we ensure our employee and customer data is rigorously protected from attack and theft, while also securing what makes Aviva so special.

Our frameworks and models are unique and highly valuable, so we also need to protect 'what makes Aviva, Aviva'.

Duties & Responsibilities:
  • Undertake application end to end security testing and security reviews of business-critical applications and infrastructure.
  • Understand the architecture of applications including identifying appropriate security controls where applicable.
  • Experience in performing security tests across applications in an agile environment, on a varied technology stack including 3rd party libraries and mobile applications (Android, iOS), web services (REST, SOAP), thick and thin client applications.
  • Develop and maintain secure coding and testing standards and guidelines.
  • Work with the development and testing community, providing SME advice to understand and remediate coding vulnerabilities of applications implemented in various programming languages.
  • Support the development teams in identifying false positives in code scanning reports and maintaining SAST rulesets.

Skills & Experience required:
  • Professional qualification in Information Security e.g. Certified Information Systems Security Professional (CISSP) or similar.
  • Professional qualification in Penetration Testing (e.g. CEH/ GIAC GPEN/GWAPT, OSCP or OSWE).
  • Experience with one or more of the development technologies including Microsoft .NET, Java, J2EE, Python, Apple iOS or Android.
  • Experience in working within Application Security, ideally in the Financial Services sector.
  • In-depth knowledge of information security governance processes and practices, including ISMS monitoring and control frameworks such as ISO, ISF and COBIT, their relationships to other frameworks and their application within a financial services environment or other highly regulated industry.
  • Good understanding of Secure Development Lifecycles and their application in an agile environment.
  • Good understanding of security architecture principles and processes.
  • Good knowledge of IT Operations procedures and best practices and strong understanding of application threats.
  • Strong knowledge of application security vulnerabilities (OWASP Top 10, SANS Top 25).

What will you get for this role?
  • Competitive salary depending on skills, experience and qualifications.
  • Generous defined contribution pension scheme.
  • Annual performance related bonus and pay review.
  • Holiday allowance of 29 days plus bank holidays and the option to buy/sell up to 5 additional days.
  • Up to 40% discount for some Aviva products through "My Aviva Extras" plus discounts for Friends and Family.
  • Excellent range of flexible benefits to include a matching share save scheme.

We care about the wellbeing of our employees

How you feel at home, work and all aspects of your life are important to us.  Our programme - 'Be Healthy', 'Be Mindful', 'Be Secure' and 'Be Awesome' supports your physical, mental, financial and social wellbeing.

Here are just a few highlights:
  • You'll be able to download Aviva Digital GP - a 24/7 personal GP service that enables you to get a video consultation with a GP and pharmacy service at the touch of a button
  • We offer all UK employees subscriptions to Headspace for FREE
  • We have subsidised 70% off the normal gym membership prices, meaning for a reduced monthly fee you will have access to a wide range of fitness venues.

Additional Information

One of Aviva's core values is Care More, and this is brought to life through the flexible ways we like to work. This may include working from home some of the time, or flexible work schedules to accommodate parent and carer responsibilities, further studies and hobbies.

Our diversity and inclusion policies and initiatives are shaping an environment where everyone feels welcome regardless of age, disability, race, ethnicity, gender, gender identity, religion, culture, sexual orientation, national origin, marital status, pregnancy, maternity or those with other caring responsibilities. Our approach helps to ensure that Aviva is a place which values difference and provides equal opportunities for all.

As a disability confident employer we guarantee to interview anyone with a disability (as defined in The Equality Act 2010) whose application meets the minimum criteria for the post. (By 'minimum criteria' we mean that you must provide us with evidence which demonstrates that you generally meet the level of competence required, as well as meeting any of the qualifications, skills or experience defined as essential.) Please apply through the website and then email the contact listed in the advert to notify us that you meet the conditions for the guaranteed interview scheme.

We prefer all applications to be submitted online; however, if you require an alternative method of applying, please contact Alice Neal in the Resourcing team on 0121 200 5926 and alice.neal@aviva.com.
