Application Security Specialist

A leading Investment Bank are looking for an Application Security Specialist with an understanding of development lifecycles to be part of the implementation, running, testing, reporting and continuous improvement of the application security controls and processes.

Key Accountabilities

  • Understand the business unit's applications and the risk appetite
  • Integrate security into the development lifecycle through various security testing tools and processes such as SAST, DAST, Penetration testing etc.
  • Identify, resolve and assist in management of security threats, vulnerabilities, non-compliances and risks, focussing on application security
  • Respond to application security events and incidents (co-ordinate business unit response and remediation)
  • Perform deep dives on application security vulnerabilities, including root cause analysis of issues, proposing tactical and strategic solutions, and influencing key stakeholders to deliver necessary control enhancements.
  • Support delivery of a programme of work to ensure compliance with the Group Cyber and Information Security posture across the local business, principally covering application security.
  • Communicate specific business unit needs to group projects and escalate non-compliance, providing business value
  • Provide application security advice and direction to projects and business initiatives as required. Ensure change initiatives incorporate application security requirements
  • Be aware of legal and regulatory requirements impacting cyber and application security and advise on compliance.

Essential Skills

  • The successful candidate must have strong cyber project management / enough technical background and experience of application security detection and prevention controls.
  • Experience in working with development teams
  • Have a reasonable understanding of the development lifecycle and the relevant security/non-security toolset
  • Demonstrable relationship/stakeholder management and negotiation skills

Desirable skills

  • The candidate will preferably be educated to degree level or above in an Information Security related discipline. CISM, CISSP, CSSLP, ISO27001 or equivalent.
  • Experience in the financial services sector
  • Ability to work in a constantly changing and fast paced environment