This job has expired

Senior Application Security Specialist

Employer
Hays.
Location
United Kingdom, London
Salary
Competitive
Closing date
1 Aug 2022


Your new company
This is an exciting opportunity for an experienced cyber security professional with extensive technical experience in application security in an agile DevSecOps environment to join a world-renowned financial services organisation as a Senior Application Security Specialist. This is a hybrid role in London, with in-office working twice weekly.

Key Responsibilities
  • Create, operate, and expand their Application Security Programme.
  • Work closely with software product teams to consult them on identified vulnerabilities and mitigation plans.
  • Automate recurrent tasks and embed security best practices into Agile and DevOps processes.
  • Document secure coding best practices.
  • Perform hands-on Security Testing, as and if required.
  • Design and engineer CoS endpoint protection tools to enable deployment, configuration, and ongoing lifecycle management across the estate.
  • Lead and deliver large, high-profile projects that span the group and require a broad perspective to solve.
  • Manage and deliver necessary changes to controls that are not part of project activity.
  • Develop key indicators, analysis, and artefacts to continually evidence and report control effectiveness and risk for the group.

What you'll need to succeed

Technical knowledge and skills:

  • Hands-on experience in enterprise scale implementations of automated Application Security Testing (SAST, SCA, IAST, etc)
  • Knowledgeable in CI/CD practices as well as tools that implement them
  • Ability to perform application security testing, report findings, and provide remediation guidance
  • Deep understanding of common as well as emerging vulnerabilities and how they manifest in different types of applications (web applications, thick clients, APIs, etc)
  • Familiarity with OWASP Top 10, SANS Top 25, NIST and ASVS
  • Familiarity with popular development languages such as Java
  • Familiarity with Agile, DevOps and DevSecOps
  • Policies, standards and security frameworks (NIST, CIS); strong skills in authoring formal documentation.
  • Risk and control management, monitoring and reporting.
  • The role holder is likely to hold one or more of the following certifications: CISSP, OSCP, TOGAF, GIAC, or those relevant to the role/domain area


Personal skills and attitudes:

  • Ability to work well under pressure
  • Stakeholder (technical) relationship management
  • Critical thinker
  • Practical application of lessons learned into the team’s practices
  • Excellent verbal and written communication and presentation skills, with ability to convey technical concepts to non-technical audiences.


What you'll get in return
A competitive salary, plus a guaranteed 20% bonus and a performance-based 20% bonus on top of that.
Other benefits include healthcare and retirement planning, paid volunteering days and wellbeing initiatives.

We offer colleagues a range of support from healthcare and retirement planning to paid volunteering days and wellbeing initiatives.

What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.
If this job isn't quite right for you but you are looking for a new position, please contact us for a confidential discussion on your career.
